Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.26489.28570.exe

Overview

General Information

Sample name:SecuriteInfo.com.FileRepMalware.26489.28570.exe
Analysis ID:1636714
MD5:b5104457321663c4e3833f87c5717794
SHA1:5736b960ba82b520f3b66b30c9514b17964badfe
SHA256:feb26e2a9cfaf305b9d840bf37983abeb62150114d9f60a7ca18e94478391c3f
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

Score:72
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious Javascript
Drops PE files to the document folder of the user
Installs a global keyboard hook
Sample or dropped binary is a compiled AutoHotkey binary
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTML body with high number of embedded SVGs detected
Installs a global mouse hook
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.FileRepMalware.26489.28570.exe (PID: 6508 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe" MD5: B5104457321663C4E3833F87C5717794)
    • chrome.exe (PID: 6892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=b-R38MGbZLo?autoplay=1&controls=2&loop=1 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 3052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2028 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 1716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4156 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3432 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-13T02:28:18.150266+010020283713Unknown Traffic192.168.2.74968435.208.197.37443TCP
2025-03-13T02:28:20.550691+010020283713Unknown Traffic192.168.2.74968535.208.197.37443TCP
2025-03-13T02:28:27.927294+010020283713Unknown Traffic192.168.2.74968735.208.197.37443TCP
2025-03-13T02:28:30.397889+010020283713Unknown Traffic192.168.2.74969935.208.197.37443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeAvira: detected
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeReversingLabs: Detection: 26%
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeVirustotal: Detection: 39%Perma Link

Phishing

barindex
AI detected suspicious Javascript
Source: 1.71.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk indicators, including dynamic code execution through the use of `eval` and the `Function` constructor. It also exhibits obfuscated code, which is a common technique used in malicious scripts. The overall behavior and structure of the script suggest it is highly suspicious and likely malicious in nature.
Source: 1.125.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval` and the construction of dynamic function calls pose a significant security risk, as they can allow the execution of arbitrary code. Additionally, the script appears to be heavily obfuscated, making it difficult to analyze and understand its true purpose. Overall, this script exhibits a high level of malicious intent and should be considered a serious security threat.
Source: https://www.youtube.com/watch?v=b-R38MGbZLoHTTP Parser: Total embedded SVG size: 111356
Source: https://www.youtube.com/watch?v=b-R38MGbZLoHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 37.120.188.94:443 -> 192.168.2.7:49683 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.208.197.37:443 -> 192.168.2.7:49684 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.208.197.37:443 -> 192.168.2.7:49687 version: TLS 1.2
Source: Binary string: _.y(FDb,sE);FDb.prototype.getAssociations=function(){return[]};_.AE=new _.V("reelNonVideoContentEndpoint");_.kq=new _.V("reelWatchEndpoint");_.BE=new _.V("reelItemRenderer");var GDb=new _.V("reelMetapanelViewModel");_.HDb=new _.V("reelNonVideoContentRenderer");_.IDb=new _.V("reelPlayerOverlayRenderer");var JDb=new _.V("shortsLockupViewModel");var KDb=new _.V("sponsorButtonViewModel");var LDb=new _.V("reelItemWatchResponse");var MDb=new _.V("textBadgeRenderer");_.CE=new _.V("buttonRenderer");_.DE=new _.V("toggleButtonRenderer");var y1a=new _.V("switchButtonViewModel");_.NDb=new _.V("confirmDialogRenderer");var ODb;ODb=new _.V("menuRenderer");_.PDb=new _.V("menuFlexibleItemRenderer");var QDb=new _.V("pollRenderer");_.RDb=new _.V("backgroundPromoRenderer");var TDb;_.SDb=new _.V("chipCloudRenderer");TDb=new _.V("chipCloudChipRenderer");var UDb=new _.V("dropdownRenderer");var VDb=new _.V("gridVideoRenderer");_.t4a=new _.V("itemSectionRenderer");_.WDb=new _.V("messageRenderer");var XDb=new _.V("sortFilterHeaderRenderer");_.YDb=new _.V("videoRenderer");var ZDb=function(){sE.apply(this,arguments)}; source: chromecache_540.2.dr
Source: Binary string: _.f.resetFlexibleItems=function(){var a;if((a=this.data)!=null&&a.flexibleItems){_.w("web_fix_missing_action_buttons")||this.hostElement.removeEventListener("yt-rendererstamper-finished",this.maybeUpdateFlexibleMenu);var b;this.flexAsTopLevelButtons=(b=this.data.flexibleItems)==null?void 0:b.map(function(c){return _.x(c,_.PDb).topLevelButton}); source: chromecache_540.2.dr
Source: Binary string: _.f.computeItems=function(a,b){if(!a)return[];var c=[];if(b){var d=(a.flexibleItems||[]).map(function(k){return _.x(k,_.PDb)}); source: chromecache_540.2.dr
Source: Binary string: m=!1;if(a){var u,v,B;m=(((u=a.videoPrimaryInfoRenderer)==null?void 0:(v=u.videoActions)==null?void 0:(B=v.menuRenderer)==null?void 0:B.flexibleItems)||[]).some(function(C){C=_.x(C,_.PDb);if(!C)return!1;var G,M;C=(G=C.topLevelButton)==null?void 0:(M=G.buttonViewModel)==null?void 0:M.onTap;if(!C)return!1;G=_.fs(C);if(!G)return!1;var L;return((L=_.x(G,_.tw))==null?void 0:L.panelIdentifier)==="PAyouchat"})}m&&(u=_.w4a("PAyouchat"),u.engagementPanelSectionListRenderer.targetId="PAyouchat",u.engagementPanelSectionListRenderer.visibility= source: chromecache_540.2.dr
Source: chrome.exeMemory has grown: Private usage: 1MB later: 75MB
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49685 -> 35.208.197.37:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49687 -> 35.208.197.37:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49699 -> 35.208.197.37:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49684 -> 35.208.197.37:443
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: unknownTCP traffic detected without corresponding DNS query: 172.106.34.219
Source: global trafficHTTP traffic detected: GET /ipraw.php HTTP/1.1User-Agent: AutoHotkeyCache-Control: no-cacheHost: 7fw.deConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /vi/b-R38MGbZLo?autoplay=1/hqdefault.jpg HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1Host: rr2---sn-p5qs7n6d.googlevideo.comConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /generate_204?conn2 HTTP/1.1Host: rr2---sn-p5qs7n6d.googlevideo.comConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /instream/ad_status.js HTTP/1.1Host: static.doubleclick.netConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/id HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*Origin: https://www.youtube.comX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /js/th/xzvIUYBzdhZS925KvT8kuZv6GR6ELo6m3CWz4Qqns1M.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/id HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*Origin: https://www.youtube.comX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*Origin: https://www.youtube.comX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/lvz?evtid=ACd6KtyM0J1dYpHMqINeqBLpl-NBy_jwHubG-cgyjCx729vjvMiBCC9miLNWjw1k6RxwV36Ifva_ekuXb-171oupB6cYM6PSrw&req_ts=1741829310&pg=MainAppBootstrap%3AWatch&az=1&sigh=AB9vU42kyxR20IObZeLKUKtg8FMuJzzJOA HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-form-factors: "Desktop"sec-ch-ua-wow64: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/lvz?evtid=ACd6KtyM0J1dYpHMqINeqBLpl-NBy_jwHubG-cgyjCx729vjvMiBCC9miLNWjw1k6RxwV36Ifva_ekuXb-171oupB6cYM6PSrw&req_ts=1741829310&pg=MainAppBootstrap%3AWatch&az=1&sigh=AB9vU42kyxR20IObZeLKUKtg8FMuJzzJOA HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=VTLR5FHq5yTv1spE0TvoFKty48nOLn-mLEbAWyy53Mjg4l3ZCvAP_P4uxLv026MWwEb93v0M6c1RxV4NCJWENOLxY1ADG3J04D0InRXy71almCJW8YLjTwviRUUrE3DATFXd3iogHUjtu92mUBQ7iQHGcyusY26Gqg9s8Spkm8WozQ-3ghXIGuKksKuAIkfa5w
Source: global trafficHTTP traffic detected: GET /upload/files/Rotate/Rotate.ini HTTP/1.1User-Agent: AutoHotkeyHost: www.williamrubano.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /ipraw.php HTTP/1.1User-Agent: AutoHotkeyHost: 7fw.deCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /time/1/current?cup2key=8:KFnZ2R_371xyI1WAsPKn5r4zmr5NDODSIXlc68Po3y8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1Host: clients2.google.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate
Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /upload/files/Rotate/Rotate.ini HTTP/1.1User-Agent: AutoHotkeyHost: www.williamrubano.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /upload/files/Rotate/Rotate.ini HTTP/1.1User-Agent: AutoHotkeyHost: www.williamrubano.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /upload/files/Rotate/Rotate.ini HTTP/1.1User-Agent: AutoHotkeyHost: www.williamrubano.comCache-Control: no-cache
Source: chromecache_540.2.drString found in binary or memory: "&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Jb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],closePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=adclose&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],progressPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: "&sig="+cb+"&ad_cpn=[AD_CPN]&id="+Sf+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]&avm="+fa},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Sf+"&avm="+fa+"&dc_pubid="+fa+"&dc_exteid="+Ab+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}],abandonPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: "&uga="+Cb+"&vm="+Qb},videostatsDelayplayUrl:{baseUrl:"https://s.youtube.com/api/stats/delayplay?cl="+pd+"&docid="+v+"&ei="+S+"&feature="+m+"&fexp="+Vp+"&ns="+Ka+"&plid="+M+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+Ue+"&el="+ai+"&len="+Wb+"&of="+dc+"&uga="+Cb+"&vm="+Qb},videostatsWatchtimeUrl:{baseUrl:"https://s.youtube.com/api/stats/watchtime?cl="+pd+"&docid="+v+"&ei="+S+"&feature="+m+"&fexp="+Vp+"&ns="+Ka+"&plid="+M+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: "=",adInfoRenderer:{adHoverTextButtonRenderer:{button:{buttonRenderer:{style:"STYLE_UNKNOWN",size:"SIZE_DEFAULT",isDisabled:!1,icon:{iconType:"INFO_OUTLINE"},navigationEndpoint:{clickTrackingParams:Pd,openPopupAction:{popup:{aboutThisAdRenderer:{url:(BI.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue="https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+L+"&hl="+Ka+"&origin=www.youtube.com&ata_theme="+Sn,BI),trackingParams:wb+"="}},popupType:"DIALOG"}},trackingParams:wb+"="}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: "="},trackingParams:wb+"="}},adLayoutLoggingData:{serializedAdServingDataEntry:Pj},skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Jb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],layoutId:"1ID7Gdwk2vV7OZ1A"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: "="}},hoverText:{runs:[{text:Sf}]},trackingParams:wb+"="}},adVideoId:zd,impressionPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=video_companion_reshow_tracking"}],adLayoutLoggingData:{serializedAdServingDataEntry:Vi},isContentVideoCompanion:!0,associatedCompositePlayerBytesLayoutId:Ve}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Sn}}}],adBreakHeartbeatParams:"Q0FBJTNE",frameworkUpdates:{entityBatchUpdate:{mutations:[{entityKey:id, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: "https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+L+"&hl="+Ka+"&origin=www.youtube.com&ata_theme="+Sn,Mv),trackingParams:wb+"="}},popupType:"DIALOG"}},icon:{iconType:"INFO_OUTLINE"},trackingParams:wb+"="}},hoverText:{runs:[{text:Pj}]},trackingParams:wb+"="}},flyoutCtaRenderer:{flyoutCtaRenderer:{image:{thumbnail:{thumbnails:[{url:"https://yt3.ggpht.com/ytc/"+kg+"=s176-c-k-c0x00ffffff-no-rj"}]},trackingParams:wb+"="},headline:{text:Ea,isTemplated:!1,trackingParams:wb+"="},description:{text:Vi, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: "https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+L+"&hl="+Ka+"&origin=www.youtube.com&ata_theme="+Sn,oea),trackingParams:wb+"="}},popupType:"DIALOG"}},trackingParams:wb+"="}},hoverText:{runs:[{text:Kx}]},trackingParams:wb+"="}},adVideoId:zd,impressionPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=video_companion_impression_tracking"}],adLayoutLoggingData:{serializedAdServingDataEntry:uc},associatedCompositePlayerBytesLayoutId:Ve}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: (L?"dark_v4":"light_v4");L={lottiePlayerProps:{animationConfig:{name:L,path:iWa("animated_like_icon",L),loop:!1,autoplay:!1,rendererSettings:{viewBoxOnly:!0,className:"animated-like-icon"}}},totalFrames:60,lazyLoad:!0};break a;case "NOTIFICATION_BELL":L={lottiePlayerProps:{animationConfig:{name:L?"notification_bell_dark":"notification_bell_light",path:"https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_"+(L?"dark":"light")+".json",loop:!1,autoplay:!1,rendererSettings:{className:"animated-subscribe-icon"}}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: (e=pm(e+"/search",{query:a.browseEndpoint.query})),e&&a.browseEndpoint.params&&(e=pm(e,{params:a.browseEndpoint.params}));else{if(a.urlEndpoint)return a.urlEndpoint.url;a.signInEndpoint?(e="https://accounts.google.com/ServiceLogin",d={},_.wf.extend(d,b||{},{"continue":window.location.href.split("#")[0],action_handle_signin:!0,passive:!0}),b=d):a.uploadEndpoint?e="//www.youtube.com/upload":a.liveChatEndpoint?(e=a.liveChatEndpoint,d=_.wf.clone(e),_.Xa(e.continuation)&&(g=Object.keys(e.continuation)[0], equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: (g.W0(V,"redirector.googlevideo.com"),G=V.toString()):V.J.match("rr?[1-9].*\\.c\\.youtube\\.com$")?(g.W0(V,"www.youtube.com"),G=V.toString()):(V=H38(G),nk(V)&&(G=V));V=new g.v4(G);V.set("cmo=pf","1");n&&V.set("cmo=td","a1.googlevideo.com");return V}; equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: A2s=function(X,c){if(!X.J["0"]){var V=new s3("0","fakesb",{video:new Pb(0,0,0,void 0,void 0,"auto")});X.J["0"]=c?new Pt(new g.v4("http://www.youtube.com/videoplayback"),V,"fake"):new yq(new g.v4("http://www.youtube.com/videoplayback"),V,new mK(0,0),new mK(0,0))}}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: Ab+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}],abandonPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewFullyViewableAudibleHalfDurationPings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=adpause&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],rewindPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=adrewind&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}], equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&ad_cpn=[AD_CPN]&lact=[LACT]"},{baseUrl:"https://www.youtube.com/api/stats/ads?ver="+fa+"&ns="+fa+"&event="+fa+"&device="+fa+"&content_v="+v+"&el="+ai+"&ei="+S+"&devicever="+c+"&bti="+Jb+"&format="+Wc+"&break_type="+fa+"&conn=[CONN]&cpn=[CPN]&lact=[LACT]&m_pos="+fa+"&mt=[MT]&p_h=[P_H]&p_w=[P_W]&rwt=[RWT]&sdkv="+bb+"&slot_pos="+fa+"&slot_len="+fa+"&vis=[VIS]&vol=[VOL]&wt=[WT]&ad_cpn=[AD_CPN]&ad_id="+Cf+"&ad_len="+vc+"&ad_mt=[AD_MT]&ad_sys=YT%3AAdSense-Viral%2CAdSense-Viral&ad_v="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Jb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],closePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=adclose&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}], equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: C.baseUrl);var G;r.push(n==null?void 0:(G=n.ptrackingUrl)==null?void 0:G.baseUrl);var M;r.push(n==null?void 0:(M=n.qoeUrl)==null?void 0:M.baseUrl);var L;r.push(n==null?void 0:(L=n.atrUrl)==null?void 0:L.baseUrl);v=_.h(r);for(B=v.next();!B.done;B=v.next())if((B=B.value)&&m.test(B)){v=B.replace("https://www.youtube.com","").replace("https://s.youtube.com","");break b}}v=void 0}v&&c.push({testUrl:_.ha.location.origin+v,baseUrl:_.ha.location.origin+"/feed/download",method:"GET"})}c=c.length!==0?c[Math.floor(Math.random()* equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: Cf+"&ad_len="+vc+"&ad_mt=[AD_MT]&ad_sys=YT%3AAdSense-Viral%2CAdSense-Viral&ad_v="+zd+"&aqi="+S+"&ad_rmp="+fa+"&sli="+fa}],errorPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=videoplayfailed[ERRORCODE]"}],mutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=admute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: JE.flush();cq&&cq.snapshotAndFlush()}},b),(c.flush_logs={callback:function(){_.bl()}},c))}},ohc);var qhc={},rhc=(qhc.rendered={priority:0,callback:function(){var a=new xgb;a.increment("STARTED");if(_.hi("LOGGED_IN")&&_.hi("SERVER_VERSION")!=="test"&&_.hi("SERVER_VERSION")!=="dev"&&!obb()&&!nbb()){a.increment("EXECUTING");var b=document.createElement("iframe");b.style.display="none";_.Qda(b,2,_.Dd("https://accounts.youtube.com/RotateCookiesPage?origin=https://www.youtube.com&yt_pid="+_.hi("INNERTUBE_CONTEXT_CLIENT_NAME")));document.body&&document.body.appendChild(b);a.increment("DONE")}}},qhc);var shc={},thc=(shc.rendered={callback:function(){Eec().resume()}},shc);var uhc={acknowledgeChannelTouStrikeCommand:qt(xT),addToPlaylistServiceEndpoint:qt(vU),addToPlaylistEndpoint:qt(vU),addUpcomingEventReminderEndpoint:qt(MT),browseEndpoint:qt(mec),channelCreationFormEndpoint:qt(qT),channelCreationServiceEndpoint:qt(rT),claimLegacyYoutubeChannelEndpoint:qt(dT),clearSearchHistoryEndpoint:qt(ET),clearWatchHistoryEndpoint:qt(FT),commerceActionCommand:rt(SU),createBackstagePostEndpoint:qt(YS),createBroadcastCommand:qt(NT),createCommentEndpoint:qt(mT),createCommentReplyEndpoint:qt(lT), equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: Object.assign({},{name:"INCORRECT",path:"https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizIncorrect_LightTheme_01a.json",renderer:"svg"},RWb,{rendererSettings:{viewBoxOnly:!0,viewBoxSize:"26 26 80 80"}});a.correctnessAnimationProps=[];a.correctnessAnimationRefs=[];return a}; equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: RI.prototype.hp=function(){return this.JO.l()};var yBl=(new Date).getTime();var jos="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),HeD=/\bocr\b/;var $Bs=/(?:\[|%5B)([a-zA-Z0-9_]+)(?:\]|%5D)/g;var JSs=0,eHl=0,RHs=0;var mBt=Object.assign({},{attributes:{},handleError:function(X){throw X;}},{Cev:!0, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: Sf+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Sf+"&dc_pubid="+fa+"&dc_exteid="+Ab+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}],endFullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=vast_exit_fullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],activeViewMeasurablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+r+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: Ue+"&el="+ai+"&len="+Wb+"&of="+dc+"&uga="+Cb+"&vm="+Qb},ptrackingUrl:{baseUrl:"https://www.youtube.com/ptracking?ei="+S+"&m="+Ha+"&oid="+dc+"&plid="+M+"&pltype="+Ta+"&ptchn="+dc+"&ptk="+G+"&video_id="+v},qoeUrl:{baseUrl:"https://s.youtube.com/api/stats/qoe?cl="+pd+"&docid="+v+"&ei="+S+"&event="+Pj+"&feature="+m+"&fexp="+Vp+"&ns="+Ka+"&plid="+M+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+Ue},atrUrl:{baseUrl:"https://s.youtube.com/api/stats/atr?docid="+v+"&ei="+S+"&feature="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: VF.prototype.remove=function(a){this.JSC$10808_expiringStorage.remove(a)};var aJa=_.Iw(["https://www.youtube.com/",""]),bJa=_.Iw(["https://studio.youtube.com/",""]),gJa="IDENTITY_STICKINESS_INITIAL_STATE_ENUM_UNKNOWN",dJa=null,lJa;var XKb=_.Iw(["https://www.youtube.com/iframe_api"]),WF=function(){this.playerResolver_=_.zt();this.playerPromise_=this.playerResolver_.promise;this.playerVars_=null;this.playbackEndedCallback_=_.cy;this.playbackDurationSeconds_=0},YKb=function(a){var b=function(){return window.YT&&typeof window.YT.ready==="function"}; equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: WG.prototype.logTrace=function(X){this.encoder.reset();this.encoder.add(1);this.encoder.add(X.resources.length);for(var c=g.r(X.resources),V=c.next();!V.done;V=c.next()){V=V.value.replace("https://www.youtube.com/s/","");this.encoder.add(V.length);for(var G=0;G<V.length;G++)this.encoder.add(V.charCodeAt(G))}this.encoder.add(X.frames.length);c=g.r(X.frames);for(V=c.next();!V.done;V=c.next()){V=V.value;this.encoder.add(V.name.length);for(G=0;G<V.name.length;G++)this.encoder.add(V.name.charCodeAt(G)); equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: X))):this.api.j().S("enable_adb_handling_in_sabr")&&V==="BROWSER_OR_EXTENSION_ERROR"&&!G.B?(G=G.hostLanguage,X="//support.google.com/youtube/answer/3037019#zippy=%2Cupdate-your-browser-and-check-your-extensions",G&&(X=g.BU(X,{hl:G})),this.AT(Nq(this,"BROWSER_OR_EXTENSION_ERROR",X))):this.AT(g.pE(X.errorMessage)):this.AT(Nq(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(X=G.hostLanguage,V="//support.google.com/youtube/?p=player_error1",X&&(V=g.BU(V, equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: X.details.rc!=="429"?X.errorCode==="ump.spsrejectfailure"&&(n="HTML5_SPS_UMP_STATUS_REJECTED"):(n="TOO_MANY_REQUESTS",L="6");this.J7.eX(X.errorCode,X.severity,n,Rd(X.details),L)}else this.J7.publish("nonfatalerror",X),G=/^pp/.test(this.videoData.clientPlaybackNonce),this.Mi(X.errorCode,X.details),G&&X.errorCode==="manifest.net.connect"&&(X="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.bE)(),eb(X,"manifest",function(d){c.B=!0;c.Oy("pathprobe",d)},function(d){c.Mi(d.errorCode, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: _.Q(XM,"ytd-video-masthead-ad-expandable-thumbnail-tile-renderer",function(){if($2b!==void 0)return $2b;var a=document.createElement("template");_.z(a,'\x3c!--css-build:shady--\x3e\x3c!--css_build_scope:ytd-video-masthead-ad-expandable-thumbnail-tile-renderer--\x3e\x3c!--css_build_styles:video.youtube.src.web.polymer.shared.ui.styles.yt_base_styles.yt.base.styles.css.js--\x3e<a href="[[computeHref_(data.navigationEndpoint)]]" class="yt-simple-endpoint style-scope ytd-video-masthead-ad-expandable-thumbnail-tile-renderer" data="[[data.navigationEndpoint]]" aria-hidden="true" tabindex="-1" id="endpoint">\n <div id="overlay" class="style-scope ytd-video-masthead-ad-expandable-thumbnail-tile-renderer">\n <div id="play-button" class="style-scope ytd-video-masthead-ad-expandable-thumbnail-tile-renderer">\n \n <svg width="100%" height="100%" viewBox="0 0 68 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" class="style-scope ytd-video-masthead-ad-expandable-thumbnail-tile-renderer">\n <path id="play-button-bg" d="M66.52,7.74c-0.78-2.93-2.49-5.41-5.42-6.19C55.79,0.13,34,0,34,0S12.21,0.13,6.9,1.55 C3.97,2.33,2.27,4.81,1.48,7.74C0.06,13.05,0,24,0,24s0.06,10.95,1.48,16.26c0.78,2.93,2.49,5.41,5.42,6.19 C12.21,47.87,34,48,34,48s21.79-0.13,27.1-1.55c2.93-0.78,4.64-3.26,5.42-6.19C67.94,34.95,68,24,68,24S67.94,13.05,66.52,7.74z" class="ytp-large-play-button-bg style-scope ytd-video-masthead-ad-expandable-thumbnail-tile-renderer" fill="#212121" fill-opacity="0.8"></path>\n <path d="M 45,24 27,14 27,34" fill="#FFFFFF" class="style-scope ytd-video-masthead-ad-expandable-thumbnail-tile-renderer"></path>\n </svg>\n </div>\n </div>\n <yt-img-shadow id="thumbnail" thumbnail="[[data.thumbnail]]" width="424" class="style-scope ytd-video-masthead-ad-expandable-thumbnail-tile-renderer">\n </yt-img-shadow>\n </a>\n');a.content.insertBefore(_.X().content.cloneNode(!0), equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: _.Q(n9,"yt-live-chat-message-input-renderer",function(){if(Y9c===void 0){var a=document.createElement("template");_.z(a,'\x3c!--css-build:shady--\x3e\x3c!--css_build_scope:yt-live-chat-message-input-renderer--\x3e\x3c!--css_build_styles:video.youtube.src.web.polymer.shared.ui.styles.yt_base_styles.yt.base.styles.css.js,video.youtube.src.web.polymer.live_chat.yt_live_chat_message_input_renderer.yt.live.chat.message.input.renderer.css.js--\x3e<yt-live-chat-message-input-prompt-header-renderer data="[[data.headerRenderer.liveChatQnaInputPromptHeaderRenderer]]" hidden$="[[!data.headerRenderer.liveChatQnaInputPromptHeaderRenderer]]" class="style-scope yt-live-chat-message-input-renderer"></yt-live-chat-message-input-prompt-header-renderer><div id="container" class="style-scope yt-live-chat-message-input-renderer"><div id="top" class="style-scope yt-live-chat-message-input-renderer"><yt-img-shadow id="avatar" height="24" hidden$="[[!showAvatar]]" thumbnail="[[data.authorPhoto]]" width="24" class="style-scope yt-live-chat-message-input-renderer"></yt-img-shadow><div id="input-container" class="style-scope yt-live-chat-message-input-renderer"><yt-live-chat-author-chip author-badges="[[data.authorBadges]]" author-name="[[data.authorName]]" author-name-color="[[authorNameColor]]" hidden="" class="style-scope yt-live-chat-message-input-renderer"></yt-live-chat-author-chip><yt-live-chat-text-input-field-renderer id="input" character-count="{{characterCount}}" data="[[data.inputField.liveChatTextInputFieldRenderer]]" disabled="[[hasInteractionMessage]]" input-expanded="[[inputExpanded]]" is-chat-message-input="" max-character-limit="{{maxCharacterLimit}}" no-underline="" participants-manager="[[participantsManager]]" remaining-character-count="{{remainingCharacterCount}}" on-focused-changed="onFocusedChanged" on-focusin="onInputFocusIn" class="style-scope yt-live-chat-message-input-renderer"></yt-live-chat-text-input-field-renderer><div id="emoji-picker-button" class="style-scope yt-live-chat-message-input-renderer"></div></div><div id="right" class="style-scope yt-live-chat-message-input-renderer"><div id="count-container" class="style-scope yt-live-chat-message-input-renderer"><div id="count" class="style-scope yt-live-chat-message-input-renderer">[[remainingCharacterCount]]</div></div><div id="message-buttons" class="style-scope yt-live-chat-message-input-renderer"><div id="send-button" countdown-active$="[[countdownActive]]" hidden="[[!characterCount]]" on-yt-action="handleSendButtonAction" class="style-scope yt-live-chat-message-input-renderer"></div><svg id="countdown" countdown-active$="[[countdownActive]]" hidden$="[[!characterCount]]" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" class="style-scope yt-live-chat-message-input-renderer"><circle id="countdown-background" cx="12" cy="12" r="10" class="style-scope yt-live-chat-message-input-renderer"></circle><circle id="countdown-line" cx="12" cy="12" r="10" stroke-dashoffset$="[[countdownStroke
Source: chromecache_540.2.drString found in binary or memory: _.Q(z7,"ytd-carousel-header-renderer",function(){if(y4c!==void 0)return y4c;var a=document.createElement("template");_.z(a,'\x3c!--css-build:shady--\x3e\x3c!--css_build_scope:ytd-carousel-header-renderer--\x3e\x3c!--css_build_styles:video.youtube.src.web.polymer.shared.ui.styles.yt_base_styles.yt.base.styles.css.js--\x3e<div id="contents" class="style-scope ytd-carousel-header-renderer"></div>\n');a.content.insertBefore(_.X().content.cloneNode(!0),a.content.firstChild);return y4c=a},{mode:1});var z4c;var A4c=_.Iw(["https://www.google-analytics.com/analytics.js"]),A7=function(){var a=_.O.apply(this,arguments)||this;a.scriptAnalyticsAdded=!1;return a}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: _.f.created=function(){this.embedHost_=mWc[_.hi("INNERTUBE_CLIENT_NAME")]||"www.youtube.com"}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: _.f.maybeInitializeQuizLotties=function(a){var b=this;this.isDarkTheme&&(this.baseCorrectLottiePlayerAnimationConfig.path="https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizCorrect_DarkTheme_01a.json",this.baseIncorrectLottiePlayerAnimationConfig.path="https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizIncorrect_DarkTheme_01a.json");this.correctnessAnimationProps=a.map(function(c){return{animationConfig:c.isCorrect?b.baseCorrectLottiePlayerAnimationConfig:b.baseIncorrectLottiePlayerAnimationConfig, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: _.y(C$c,_.O);C$c.prototype.maybeLoadAnimationBackground=function(){this.useAnimationBackground?this.lottieAnimation||(this.lottieAnimation=lottie.loadAnimation({container:this.animationBackground,loop:!0,renderer:"svg",path:"https://www.gstatic.com/youtube/img/livestream/live_chat/lottie_animation/shimmer_background.json",autoplay:!0})):this.lottieAnimation&&this.lottieAnimation.destroy()}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: _.y(N4,_.O);_.f=N4.prototype;_.f.created=function(){var a=_.ci();_.w("kevlar_clear_duplicate_pref_cookie")&&_.Wk(_.ck,function(){var b=_.Pi.get("PREF");b&&!/f\d=/.test(b)&&(b=_.ni("kevlar_duplicate_pref_cookie_domain_override"),document.cookie=b?"PREF=null;domain="+b+";expires=Thu, 01 Jan 1970 00:00:01 GMT":"PREF=null;domain=.www.youtube.com;expires=Thu, 01 Jan 1970 00:00:01 GMT")}); equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.firstChild);return $4b=a},{mode:1});var c5b;var d5b=function(){var a=_.O.apply(this,arguments)||this;a.rightSquigglyDark="https://www.gstatic.com/youtube/img/handles/handles_squiggle_1_dark_v1.svg";a.rightSquigglyLight="https://www.gstatic.com/youtube/img/handles/handles_squiggle_1_light_v1.svg";a.leftSquigglyDark="https://www.gstatic.com/youtube/img/handles/handles_squiggle_2_dark_v1.svg";a.leftSquigglyLight="https://www.gstatic.com/youtube/img/handles/handles_squiggle_2_light_v1.svg";a.leftSquiggly=a.leftSquigglyLight;a.rightSquiggly=a.rightSquigglyLight; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.firstChild);return O2c=a},{mode:1});var Q2c;var s6=function(){var a=_.O.apply(this,arguments)||this;a.dark=!1;a.headerBackgroundLight="https://www.gstatic.com/youtube/img/labs/early_access_web_background_expanded_ai_2x.jpg";a.headerBackgroundDark="https://www.gstatic.com/youtube/img/labs/early_access_web_background_expanded_ai_2x.jpg";a.actionMap={"yt-dark-mode-toggled-action":"onDarkModeToggledAction"};return a}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.firstChild);return OWb=a},{mode:2});var QWb;var RWb={autoplay:!1,loop:!1},SWb={simpleText:""},TWb=function(){var a=_.O.apply(this,arguments)||this;a.isLoading=!1;a.usesPanelLockup=!1;a.enableRefreshWeb=_.w("enable_cairo_refresh_web");a.selectedItemIndex=-1;a.baseCorrectLottiePlayerAnimationConfig=Object.assign({},{name:"CORRECT",path:"https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizCorrect_LightTheme_01a.json",renderer:"svg"},RWb,{rendererSettings:{viewBoxOnly:!0,viewBoxSize:"12 20 80 80"}});a.baseIncorrectLottiePlayerAnimationConfig= equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.firstChild);return b7b=a},{mode:1});var M9b;var y2a={url:"https://www.gstatic.com/youtube/img/useredu/smart_downloads_optin_banner.gif"};var F2a=_.Mp(_.Ro("DELETE_FROM_DOWNLOADS",{},"Delete from downloads"));var A2a={url:"https://www.gstatic.com/youtube/img/useredu/smart_downloads_optin_banner.svg"};var N9b={},E2a=(N9b[0]={title:_.Zo(_.Ro("DOWNLOADS",void 0,"Downloads")),iconType:"OFFLINE_DOWNLOAD",topButtonRenderer:{style:"STYLE_BLUE_TEXT",size:"SIZE_DEFAULT",text:_.Zo(_.Ro("DOWNLOADS_SETTINGS",void 0,"Downloads Settings")),loggingDirectives:{clientVeSpec:{uiType:21412}},navigationEndpoint:Xo("SPaccount_downloads","/account_downloads",6827,"WEB_PAGE_TYPE_SETTINGS")},sectionClientVE:51721,videoClientVE:42356},N9b[1]={title:_.Zo(_.Ro("SMART_DOWNLOADS",void 0,"Smart downloads")),topButtonRenderer:{icon:{iconType:"SETTINGS"}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.insertBefore(_.X().content.cloneNode(!0),a.content.firstChild);return c5b=a},{mode:1});var e5b;var f5b=function(){var a=_.O.apply(this,arguments)||this;a.actionMap={"yt-dark-mode-toggled-action":"onDarkModeToggledAction"};a.image0DarkSquigglyBackground="https://www.gstatic.com/youtube/img/handles/handles_squiggle_4_dark.svg";a.image0LightSquigglyBackground="https://www.gstatic.com/youtube/img/handles/handles_squiggle_4_light.svg";a.image1DarkSquigglyBackground="https://www.gstatic.com/youtube/img/handles/handles_squiggle_6_dark.svg";a.image1LightSquigglyBackground="https://www.gstatic.com/youtube/img/handles/handles_squiggle_6_light.svg"; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.insertBefore(_.X().content.cloneNode(!0),a.content.firstChild);return g5b=a},{mode:1});var h5b;var nO=function(){var a=_.O.apply(this,arguments)||this;a.JSC$13629_squigglyBackgroundDark="https://www.gstatic.com/youtube/img/handles/handles_curl_section_illustration_dark_v1.svg";a.JSC$13629_squigglyBackgroundLight="https://www.gstatic.com/youtube/img/handles/handles_curl_section_illustration_light_v1.svg";a.actionMap={"yt-dark-mode-toggled-action":"onDarkModeToggledAction"};a.squigglyBackground=a.JSC$13629_squigglyBackgroundLight;return a}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.insertBefore(_.X().content.cloneNode(!0),a.content.firstChild);return h5b=a},{mode:1});var i5b;var j5b=function(){var a=_.O.apply(this,arguments)||this;a.JSC$13632_squigglyBackgroundDark="https://www.gstatic.com/youtube/img/handles/handles_squiggle_3_dark.svg";a.JSC$13632_squigglyBackgroundLight="https://www.gstatic.com/youtube/img/handles/handles_squiggle_3_light.svg";a.squigglyBackground=a.JSC$13632_squigglyBackgroundLight;a.actionMap={"yt-dark-mode-toggled-action":"onDarkModeToggledAction"};return a}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.content.insertBefore(_.X().content.cloneNode(!0),a.content.firstChild);return jXb=a},{mode:1});var lXb,mXb=function(){if(lXb!==void 0)return lXb;var a=document.createElement("template");_.z(a,'\x3c!--css-build:shady--\x3e\x3c!--css_build_scope:ytd-thumbnail-overlay-equalizer--\x3e\x3c!--css_build_styles:video.youtube.src.web.polymer.shared.ui.styles.yt_base_styles.yt.base.styles.css.js--\x3e<svg xmlns="http://www.w3.org/2000/svg" id="equalizer" viewBox="0 0 55 95" class="style-scope ytd-thumbnail-overlay-equalizer">\n <g class="style-scope ytd-thumbnail-overlay-equalizer">\n <rect class="bar style-scope ytd-thumbnail-overlay-equalizer" x="0"></rect>\n <rect class="bar style-scope ytd-thumbnail-overlay-equalizer" x="20"></rect>\n <rect class="bar style-scope ytd-thumbnail-overlay-equalizer" x="40"></rect>\n </g>\n</svg>\n'); equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: a.image3DarkSquigglyBackground="https://www.gstatic.com/youtube/img/handles/handles_squiggle_5_dark.svg";a.image3LightSquigglyBackground="https://www.gstatic.com/youtube/img/handles/handles_squiggle_5_light_v2.svg";a.image0SquigglyBackground=a.image0LightSquigglyBackground;a.image1SquigglyBackground=a.image1LightSquigglyBackground;a.image3SquigglyBackground=a.image3LightSquigglyBackground;return a}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"LigQMVuP3nAx3LwQfSGhgYmqsEWANi"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"65",offsetEndMilliseconds:"30"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"51",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"LigQMVuP3nAx3LwQfSGhgYmqsEWANi"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_START",adTimeOffset:{offsetStartMilliseconds:"330100",offsetEndMilliseconds:"594666"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"0",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"by"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"73",offsetEndMilliseconds:"64"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"67",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"cn"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"59",offsetEndMilliseconds:"8"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"26",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"fp"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"66",offsetEndMilliseconds:"35"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"98",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"go"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"14",offsetEndMilliseconds:"87"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"79",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"nh"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_END",adTimeOffset:{offsetStartMilliseconds:"25",offsetEndMilliseconds:"13"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"32",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"nl"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"50",offsetEndMilliseconds:"67"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"96",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"ov"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"13",offsetEndMilliseconds:"2"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"52",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"ti"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"47",offsetEndMilliseconds:"84"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"uc"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"10",offsetEndMilliseconds:"zo"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"22",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"wg"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"56",offsetEndMilliseconds:"86"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"25",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"wi"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"34",offsetEndMilliseconds:"12"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"27",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"wz"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"84",offsetEndMilliseconds:"90"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"92",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: animationConfig:{name:"animated-actions-foreground",autoplay:!1,loop:!1,path:"https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_sparkles_"+(TVa()?"dark":"light")+"_v4.json"}}})}))}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: autoplay:!1,loop:!1,path:"https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_container_"+(TVa()?"dark":"light")+"_v5.json"}}})}),d),_.Ng(a,function(){return _.q(SVa,{lottiePlayerProps:{animationRef:c, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: b.includes("YouTubeCenter.js")||b.includes("/mytube.js")||b.includes("JSON.parseWrapper")||b.includes("/inj_js/common.js")||b.includes("firebug-lite")||b.includes(".repl.co/")||b.includes("linkfix")||b.includes("playAfterAd")||a.message.includes("Access is denied for this document")&&b.includes("<anonymous>")||a.message.includes("cannot be created in a document with origin 'https://www.youtube.com' and URL 'about:blank'")&&b.includes("<anonymous>"))return!0;if(b.includes("https://www.youtube.com"))return!1; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: c+"&m_pos_ms="+Wc}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Pj}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:Wc,offsetEndMilliseconds:Wc},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+S+"&m_pos="+ib+"&token=ALHj"+ba+"&index="+fa+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: c+"&m_pos_ms="+Wc}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Rn}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_END",adTimeOffset:{offsetStartMilliseconds:Cb,offsetEndMilliseconds:Cb},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+S+"&m_pos="+Cb+"&token=ALHj"+ba+"&index="+fa+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: c+"&m_pos_ms="+Wc}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Rn}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:Wc,offsetEndMilliseconds:Wc},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+S+"&m_pos="+ib+"&token=ALHj"+ba+"&index="+fa+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: c+"&m_pos_ms="+Wc}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Ta}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:Wc,offsetEndMilliseconds:Cb},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+S+"&m_pos="+ib+"&token=ALHj"+ba+"&index="+fa+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: c.customBaseYoutubeUrl:X.BASE_YT_URL)||"")||Ge(this.ON)||this.protocol+"://www.youtube.com/";d=c?c.eventLabel:X.el;G="detailpage";d==="adunit"?G=this.X?"embedded":"detailpage":d==="embedded"||this.D?G=ye(G,d,n2D):d&&(G="embedded");this.Pl=G;I91();d=null;G=c?c.playerStyle:X.ps;L=g.Di(LVl,G);!G||L&&!this.D||(d=G);this.playerStyle=d;this.B=g.Di(LVl,this.playerStyle);this.houseBrandUserStatus=c==null?void 0:c.houseBrandUserStatus;this.A7=this.B&&this.playerStyle!=="play"&&this.playerStyle!=="jamboard"; equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: c=this.api.j();X=this.api.getVideoData();var V="";c.U||(c=g.zD(c),c.indexOf("www.")===0&&(c=c.substring(4)),V=g.GT(X)?"Watch on YouTube Music":c==="youtube.com"?"Watch on YouTube":g.ZQ("Watch on $WEBSITE",{WEBSITE:c}));this.updateValue("title",V)}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: completePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=videoplaytime100&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewTracking:{trafficType:"ACTIVE_VIEW_TRAFFIC_TYPE_VIDEO"}},clickthroughEndpoint:{clickTrackingParams:Pd, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: data:function(){var M="loading_animation_"+u();return{animationConfig:{name:M,path:"https://www.gstatic.com/youtube/img/lottie/playables_loading_animation/"+M+".json",loop:!0,autoplay:!0}}}})),_.q("div",{class:"mini-app-splash-screen-view-model-wiz__timeout-message-container"},_.q(_.bm,{cond:C, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: ea+"&label=adrewind&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],resumePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=adresume&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: enableMarqueeScroll:function(){return!!b().enableMarqueeScroll}}))))});var Mfc,Nfc,uV,Rfc,Tfc,Qfc,Wfc,Vfc;Mfc=["https://fonts.gstatic.com","https://tv.youtube.com","https://www.gstatic.com","https://www.youtube.com"];Nfc=_.mi("wil_icon_max_concurrent_fetches",Infinity); equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: endFullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=vast_exit_fullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],activeViewMeasurablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+r+"&sig="+cb+"&ad_cpn=[AD_CPN]&id="+Sf+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]&avm="+fa},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Sf+"&avm="+fa+"&dc_pubid="+fa+"&dc_exteid="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: fQ.prototype.navigateToAboutTheseResultsPage=function(){var a=Bd("https://www.youtube.com/howyoutubeworks/product-features/search/");a?_.Od(window,a,"_blank"):_.pi(Error("Kh"))}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: fa+"&cid="+ea+"&ad_cpn=%5BAD_CPN%5D&sig="+W+"&adurl="+Vc+"&label=video_click_to_advertiser_site&ctype="+ib+"&ms=[CLICK_MS]",target:"TARGET_NEW_WINDOW",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}},trackingParams:wb+"=",backgroundImage:{thumbnail:{thumbnails:[{url:""}]},trackingParams:wb+"="},abandonCommands:{commands:[{clickTrackingParams:Pd,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],thirdQuartilePings:[{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Wc+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],completePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=videoplaytime100&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],unmutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=adunmute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Wc+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}], equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],unmutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=adunmute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Wc+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],pausePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],pingingEndpoint:{hack:!0}}]},adRendererCommands:{impressionCommand:{clickTrackingParams:Pd,commandExecutorCommand:{commands:[{clickTrackingParams:Pd,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=video_card_endcap_impression"}],pingingEndpoint:{hack:!0}}]}}},skipButton:{skipButtonRenderer:{message:{text:Ta,isTemplated:!1,trackingParams:wb+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: fullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=adfullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewViewablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+r+"&sig="+cb+"&ad_cpn=[AD_CPN]&id="+ equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: g.G_=function(X){var c=g.zD(X);WVs.includes(c)&&(c="www.youtube.com");return X.protocol+"://"+c}; equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: g.y.getVideoUrl=function(X,c,V,G,n,L,d){c={list:c};V&&(n?c.time_continue=V:c.t=V);V=d?"music.youtube.com":g.zD(this);n=V==="www.youtube.com";!L&&G&&n?L="https://youtu.be/"+X:g.g0(this)?(L="https://"+V+"/fire",c.v=X):(L&&n?(L=this.protocol+"://"+V+"/shorts/"+X,G&&(c.feature="share")):(L=this.protocol+"://"+V+"/watch",c.v=X),SA&&(X=SIw())&&(c.ebc=X));return g.BU(L,c)}; equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: g.zD=function(X){X=N7(X.Wb);return X==="www.youtube-nocookie.com"?"www.youtube.com":X}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: hoverText:{runs:[{text:Sf}]},trackingParams:wb+"="}},adVideoId:zd,impressionPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=video_companion_impression_tracking"}],adLayoutLoggingData:{serializedAdServingDataEntry:lb},associatedCompositePlayerBytesLayoutId:Ve}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Sf}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_SELF_START"}},renderer:{actionCompanionAdRenderer:{headline:{text:Sf, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: iWa=function(a,b){return"https://www.gstatic.com/youtube/img/lottie/"+a+"/"+b+".json"}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: isTemplated:!0,trackingParams:wb+"="}},trackingParams:wb+"="}},adInfoRenderer:{adHoverTextButtonRenderer:{button:{buttonRenderer:{style:"STYLE_UNKNOWN",size:"SIZE_DEFAULT",isDisabled:!1,serviceEndpoint:{clickTrackingParams:Pd,openPopupAction:{popup:{aboutThisAdRenderer:{url:(us.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue="https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+L+"&hl="+Ka+"&origin=www.youtube.com&ata_theme="+Sn,us),trackingParams:wb+"="}},popupType:"DIALOG"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: lazyLoad:!1}],["FACE_VERY_HAPPY",{name:"animated_face_very_happy_light",nameDarkTheme:"animated_face_very_happy_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_very_happy.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_very_happy.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_VERY_HAPPY",totalFrames:121,lazyLoad:!1}],["LIKE",{name:"animated_like_light",nameDarkTheme:"animated_like_dark", equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_SAD",totalFrames:121,lazyLoad:!1}],["FACE_UNHAPPY",{name:"animated_face_unhappy_light",nameDarkTheme:"animated_face_unhappy_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_unhappy.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_unhappy.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_UNHAPPY",totalFrames:121, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"LIKE_VALENTINES25_HEART",totalFrames:60,lazyLoad:!0}],["LIKE_VALENTINES25_BROKEN_HEART",{name:"animated_like_valentines25_broken_heart_light",nameDarkTheme:"animated_like_valentines25_broken_heart_dark",path:"https://www.gstatic.com/youtube/img/lottie/custom_animated_like_icon/animated_like_valentines25_broken_heart_light_v5.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/lottie/custom_animated_like_icon/animated_like_valentines25_broken_heart_dark_v5.json", equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: loudnessDb:-3.7800007}]},playerAds:[{playerLegacyDesktopWatchAdsRenderer:{playerAdParams:{showContentThumbnail:!0,enabledEngageTypes:"3,6,4,5,17,1"},gutParams:{tag:"\\4061\\ytpwmpu"},showCompanion:!0,showInstream:!0,useGut:!0}}],playbackTracking:{videostatsPlaybackUrl:{baseUrl:"https://s.youtube.com/api/stats/playback?cl="+pd+"&docid="+v+"&ei="+S+"&feature="+m+"&fexp="+Vp+"&ns="+Ka+"&plid="+M+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+Ue+"&el="+ai+"&len="+Wb+"&of="+dc+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: m+"&len="+Wb+"&ns="+Ka+"&plid="+M+"&ver="+fa,elapsedMediaTimeSeconds:5},videostatsScheduledFlushWalltimeSeconds:[10,20,30],videostatsDefaultFlushIntervalSeconds:40},captions:{playerCaptionsTracklistRenderer:{captionTracks:[{baseUrl:"https://www.youtube.com/api/timedtext?v="+v+"&caps="+rb+"&opi="+pd+"&xoaf="+fa+"&hl="+Ka+"&ip="+bb+"&ipbits="+fa+"&expire="+Vb+"&sparams=ip,ipbits,expire,v,caps,opi,xoaf&signature="+bb+"&key="+rb+"&lang="+pa,name:{simpleText:qa},vssId:".en-US",languageCode:"en-US",isTranslatable:!0, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: n.baseUrl.replace("https://www.youtube.com","");break b}m=void 0}m&&c.push({testUrl:_.ha.location.origin+m,baseUrl:_.ha.location.origin+"/feed/download",method:"GET"})}if(_.w("ad_net_pb_pbp")){var v;b:{m=/api\/stats\/qoe/;if(n=Wp().objectRepresentation.playbackTracking){r=[];r.push(n==null?void 0:(v=n.videostatsPlaybackUrl)==null?void 0:v.baseUrl);var B;r.push(n==null?void 0:(B=n.videostatsDelayplayUrl)==null?void 0:B.baseUrl);var C;r.push(n==null?void 0:(C=n.videostatsWatchtimeUrl)==null?void 0: equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: n4a=function(a,b){return"https://www.gstatic.com/youtube/img/icons/web/"+(Sv[b[0]]+"/"+a+"/v"+b[1]+"/")+(b[2]+"px.svg")}; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: nHa=function(){var a,b,c,d,e,g,k,m,n,r,t;return _.l(function(u){switch(u.nextAddress){case 1:_.ke(u,2),a=_.h(NHa()),b=a.next();case 4:if(b.done)return u.return(1);d=c=b.value;e=d.jsonRepresentation;g=d.objectRepresentation;k=btoa(e);m="data:application/json;base64,"+k;n=new Request(m);Object.defineProperty(n,"url",{get:function(){return"https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=false"}}); equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: nJa=function(a){if(a.urlEndpoint){if(a=_.wi(a.urlEndpoint.url),a.adurl)return Ei(a.adurl)}else if(a.watchEndpoint)return"//www.youtube.com/watch?v="+a.watchEndpoint.videoId;return null}; equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: new Set;this.deviceIsAudioOnly=!(c==null||!c.deviceIsAudioOnly);this.tT=hj(this.tT,X.ismb);this.UY?(F=X.vss_host||"s.youtube.com",F==="s.youtube.com"&&(F=N7(this.Wb)||"www.youtube.com")):F="video.google.com";this.wV=F;UT(this,X,!0);this.wy=new nL;g.N(this,this.wy);w=c?c.innertubeApiKey:Aj("",X.innertube_api_key);W=c?c.innertubeApiVersion:Aj("",X.innertube_api_version);F=c?c.innertubeContextClientVersion:Aj("",X.innertube_context_client_version);w=g.iH("INNERTUBE_API_KEY")||w;W=g.iH("INNERTUBE_API_VERSION")|| equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: path:"https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_light_v4.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_dark_v4.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"LIKE",totalFrames:60,lazyLoad:!0}],["NOTIFICATION_BELL",{name:"notification_bell_light",nameDarkTheme:"notification_bell_dark",path:"https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_light.json", equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_meh.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_meh.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_MEH",totalFrames:121,lazyLoad:!1}],["FACE_SAD",{name:"animated_face_sad_light",nameDarkTheme:"animated_face_sad_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_sad.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_sad.json", equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: pathDarkTheme:"https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_dark.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"NOTIFICATION_BELL",totalFrames:79,lazyLoad:!1}],["LIKE_VALENTINES25_HEART",{name:"animated_like_valentines25_heart_light",nameDarkTheme:"animated_like_valentines25_heart_dark",path:"https://www.gstatic.com/youtube/img/lottie/custom_animated_like_icon/animated_like_valentines25_heart_light_v5.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/lottie/custom_animated_like_icon/animated_like_valentines25_heart_dark_v5.json", equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: pausePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=adpause&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],rewindPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: pcd.idomCompat={callbacks:{onError:!0,onSend:!0}};var qcd={animationConfig:{autoplay:!0,loop:!0,renderer:"svg",rendererSettings:{viewBoxOnly:!0,className:"ytChatLoadingViewModelLoadingSvg"},name:"YOUCHAT_LOADER",path:"https://www.gstatic.com/youtube/img/lottie/youchat_animations/progress_indicator_comp_v1.json"}},rcd=_.Br(function(a){var b=_.Ut(),c=_.ci().resolve(_.os);_.gm(function(){requestAnimationFrame(function(){var e;(e=b.lottieEl)==null||e.addEventListener("DOMLoaded",function(){var g;(g=a.onLottieLoaded)==null||g.call(a)})})}); equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: pd+";dc_dbm_token="+u+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+fa+";ord="+pd+";dc_rui="+fa+";dc_exteid="+Ab+";dc_av="+fa+";dc_sk="+fa+";dc_ctype="+Cb+";dc_pubid="+fa+";dc_btype=3?gclid="+Ja+"&ase=2"},{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=video_card_endcap_action_headline_click"}],commandMetadata:{webCommandMetadata:{url:"https://www.googleadservices.com/pagead/aclk?sa=L&ai=C"+B+"____________"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: pd+";dc_trk_cid="+pd+";dc_dbm_token="+u+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+fa+";ord="+pd+";dc_rui="+fa+";dc_exteid="+od+";dc_av="+fa+";dc_sk="+fa+";dc_ctype="+Cb+";dc_pubid="+fa+";dc_btype=3?gclid="+Ja+"&ase=2",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}],fullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=adfullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: pingingEndpoint:{hack:!0}}]}}},skipButton:{skipButtonRenderer:{message:{text:Sn,isTemplated:!1,trackingParams:wb+"="},trackingParams:wb+"="}},adLayoutLoggingData:{serializedAdServingDataEntry:im},skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: pings:{impressionPings:[{baseUrl:"https://ad.doubleclick.net/ddm/trackimp/N444803.2428500DBMSITEID/B30029229.368252041;dc_trk_aid="+pd+";dc_trk_cid="+pd+";dc_dbm_token="+u+";ord="+Vb+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+fa+";dc_rui="+fa+";dc_exteid="+Ab+";dc_av="+ib+";dc_sk="+fa+";dc_ctype="+Cb+";dc_ref=http://www.youtube.com/video/"+zd+";dc_pubid="+fa+";dc_btype=23?gclid="+Ja+"&ase=2",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"},{baseUrl:"https://www.youtube.com/pagead/adview?ai=C"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: progressPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=video_skip_shown&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]",offsetMilliseconds:5E3},{baseUrl:"https://www.googleadservices.com/pagead/aclk?sa=L&ai=C"+B+"____________"+C+"AxAA&ase=2&num="+fa+"&cid="+ea+"&ad_cpn=%5BAD_CPN%5D&sig="+W+"&adurl="+Vc+"&ctype="+ib+"&ms=[CLICK_MS]&label=video_10s_engaged_view&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=",offsetMilliseconds:1E4, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+S+"&m_pos="+Cb+"&token=ALHj"+ba+"&index="+fa+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+c+"&m_pos_ms="+vc}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Vi}}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: resumePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=adresume&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: return _.q("yt-smartimation",{class:wVa(k,d)},_.Ng(d.experimentEnabled,function(){var n=d.uniqueId+"-border",r,t;var u="https://www.gstatic.com/youtube/img/lottie/smartimations/smartimation_border_"+((t=(r=_.ci().resolve(_.$h(_.ms)))==null?void 0:r())!=null&&t?"dark":"light")+"_v2.json";return _.q("div",{class:"smartimation__border"},_.q(eSa,{className:"smartimation__border-gradient",data:{animationRef:e,animationConfig:{name:n,autoplay:!1,loop:!1,path:u}}}))}),_.q("div",{class:"smartimation__content"}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: return _.q(_.bm,{cond:d,then:function(){return _.q("div",{class:"ytwYouChatChipsDataChipWrapper"},_.q("button",{el:b,class:"ytwYouChatChipsDataChip","data-disabled":a.disabled,"on:click":k,tabindex:0},g))}})});var ocd={animationConfig:{autoplay:!1,loop:!1,renderer:"svg",rendererSettings:{viewBoxSize:"12 0 48 48"},name:"YOUCHAT_ICON",path:"https://www.gstatic.com/youtube/img/lottie/youchat_animations/progress_indicator_solo_v1.json"}},pcd=_.Br(function(a){var b=function(){var C;return(C=a.data().text)==null?void 0:C.content},c=function(){var C,G; equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: rootVe:83769}},urlEndpoint:{url:"https://www.googleadservices.com/pagead/aclk?sa=L&ai=C"+B+"____________"+C+"AxAA&ase=2&num="+fa+"&cid="+ea+"&ad_cpn=%5BAD_CPN%5D&sig="+W+"&adurl="+Vc+"&label=video_click_to_advertiser_site&ctype="+ib+"&ms=[CLICK_MS]",target:"TARGET_NEW_WINDOW",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}},trackingParams:wb+"="}},durationMilliseconds:7E3,countdownRenderer:{timedPieCountdownRenderer:{trackingParams:wb+"="}},navigationEndpoint:{clickTrackingParams:Pd,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: this.bgChallenge=Y3a(a.bgChallenge);this.ttlSeconds=Z3a(Nv(a.challenge||""));this.fetcher=b(this.requestKey,_.w("par_at_ep")?["www.youtube.com","m.youtube.com"].includes(_.ha.location.hostname)?"/api/jnn/v1/GenerateIT":"https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT":"https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT",a);r5a(this.fetcher)},hgc=function(a){if(!a.vm){var b={maxAttempts:5, equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: this.qW.kO&&(X.authuser=this.qW.kO);this.qW.pageId&&(X.pageid=this.qW.pageId);isNaN(this.cryptoPeriodIndex)||(X.cpi=this.cryptoPeriodIndex.toString());var n=(n=/_(TV|STB|GAME|OTT|ATV|BDP)_/.exec(g.Rh()))?n[1]:"";n==="ATV"&&(X.cdt=n);this.Z=X;this.Z.session_id=G;this.C=!0;this.G.flavor==="widevine"&&(this.Z.hdr="1");this.G.flavor==="playready"&&(c=Number(qY(c.experiments,"playready_first_play_expiration")),!isNaN(c)&&c>=0&&(this.Z.mfpe=""+c),this.C=!1);c="";g.NY(this.G)?IE(this.G)?(G=V.G)&&(c="https://www.youtube.com/api/drm/fps?ek="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: trackName:""},{baseUrl:"https://www.youtube.com/api/timedtext?v="+v+"&caps="+rb+"&opi="+pd+"&xoaf="+fa+"&hl="+Ka+"&ip="+bb+"&ipbits="+fa+"&expire="+Vb+"&sparams=ip,ipbits,expire,v,caps,opi,xoaf&signature="+bb+"&key="+rb+"&kind="+rb+"&lang="+Ka,name:{simpleText:Ea},vssId:"a.it",languageCode:"it",kind:"asr",isTranslatable:!0,trackName:""}],audioTracks:[{captionTrackIndices:[0,1],defaultCaptionTrackIndex:0,visibility:"UNKNOWN",hasDefaultTrack:!0,captionsInitialState:"CAPTIONS_INITIAL_STATE_OFF_RECOMMENDED"}], equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: trackingParams:wb+"=",adInfoRenderer:{adHoverTextButtonRenderer:{button:{buttonRenderer:{style:"STYLE_UNKNOWN",size:"SIZE_DEFAULT",isDisabled:!1,icon:{iconType:"INFO_OUTLINE"},navigationEndpoint:{clickTrackingParams:Pd,openPopupAction:{popup:{aboutThisAdRenderer:{url:(B_.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue="https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+L+"&hl="+Ka+"&origin=www.youtube.com&ata_theme="+Sn,B_),trackingParams:wb+"="}},popupType:"DIALOG"}},trackingParams:wb+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: trackingParams:wb+"=",backgroundImage:{thumbnail:{thumbnails:[{url:""}]},trackingParams:wb+"="},abandonCommands:{commands:[{clickTrackingParams:Pd,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: unregisterActionMap:function(a){_.vm(_.tm.getInstance(),a,this)}}]};var Is=new Map([["FACE_HAPPY",{name:"animated_face_happy_light",nameDarkTheme:"animated_face_happy_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_happy.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_happy.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_HAPPY",totalFrames:121,lazyLoad:!1}],["FACE_MEH",{name:"animated_face_meh_light",nameDarkTheme:"animated_face_meh_dark", equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: v+"/maxresdefault.jpg",width:1280,height:720}]},embed:{iframeUrl:"https://www.youtube.com/embed/"+zd,width:1280,height:720},title:{simpleText:lb},description:{simpleText:Aj},lengthSeconds:"1156",ownerProfileUrl:"http://www.youtube.com/@"+im,externalChannelId:gb,isFamilySafe:!0,availableCountries:"AD AE AF AG AI AL AM AO AQ AR AS AT AU AW AX AZ BA BB BD BE BF BG BH BI BJ BL BM BN BO BQ BR BS BT BV BW BY BZ CA CC CD CF CG CH CI CK CL CM CN CO CR CU CV CW CX CY CZ DE DJ DK DM DO DZ EC EE EG EH ER ES ET FI FJ FK FM FO FR GA GB GD GE GF GG GH GI GL GM GN GP GQ GR GS GT GU GW GY HK HM HN HR HT HU ID IE IL IM IN IO IQ IR IS IT JE JM JO JP KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LI LK LR LS LT LU LV LY MA MC MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NF NG NI NL NO NP NR NU NZ OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RU RW SA SB SC SD SE SG SH SI SJ SK SL SM SN SO SR SS ST SV SX SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ UA UG UM US UY UZ VA VC VE VG VI VN VU WF WS YE YT ZA ZM ZW".split(" "), equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: v,target:"TARGET_NEW_WINDOW"}},trackingParams:wb+"="}},trackingParams:wb+"="}}}},endscreen:{endscreenRenderer:{elements:[{endscreenElementRenderer:{style:"CHANNEL",image:{thumbnails:[{url:"https://yt3.ggpht.com/"+Da+"=s250-c-k-c0x00ffffff-no-rj",width:250,height:250},{url:"https://yt3.ggpht.com/"+Da+"=s400-c-k-c0x00ffffff-no-rj",width:400,height:400}]},icon:{thumbnails:[{url:"https://www.gstatic.com/youtube/img/annotations/youtube.png"}]},left:.030214407,width:.15438597,top:.37587035,aspectRatio:1, equals www.youtube.com (Youtube)
Source: chromecache_339.2.drString found in binary or memory: var k6={};var P1A={YF:[{pO:/Unable to load player module/,weight:20},{pO:/Failed to fetch/,weight:500},{pO:/XHR API fetch failed/,weight:10},{pO:/JSON parsing failed after XHR fetch/,weight:10},{pO:/Retrying OnePlatform request/,weight:10},{pO:/CSN Missing or undefined during playback association/,weight:100},{pO:/Non-recoverable error. Do not retry./,weight:0},{pO:/Internal Error. Retry with an exponential backoff./,weight:0},{pO:/API disabled by application./,weight:0}],oF:[{callback:xNj,weight:500}]};var gZs=/[&\?]action_proxy=1/,MiL=/[&\?]token=([\w-]*)/,fbD=/[&\?]video_id=([\w-]*)/,pg8=/[&\?]index=([\d-]*)/,Ibj=/[&\?]m_pos_ms=([\d-]*)/,UNl=/[&\?]vvt=([\w-]*)/,eZj="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),N$D="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "),RZl={android:"ANDROID", equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: weight:0},{messageRegExp:/.*WtdDiv.*/,weight:0},{messageRegExp:/.*Failed to execute 'appendChild'.*/,weight:0},{messageRegExp:/.*TypeError: a is not a constructor'.*/,weight:0},{messageRegExp:/.*Readwise.*/,weight:0},{messageRegExp:/.*Form is either loading or already opened*/,weight:0},{messageRegExp:/.*wtd-div.*/,weight:0},{messageRegExp:/.*Blocked a frame with origin "https:\/\/www.youtube.com" from accessing a cross-origin frame.*/,weight:0},{messageRegExp:/.*disguiseToken.*/,weight:0},{messageRegExp:/Identifier 'YTNonstop' has already been declared/, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: weight:500},{callback:function(a){if(!a.stack)return!1;var b=a.stack.trim().split("\n");b.length&&b[0].endsWith("Error: "+a.message)&&b.shift();b.length&&b[b.length-1].includes("at window.onerror (")&&b.pop();if(!b.length)return!0;if(a.message==="Script error.")return b[0].includes("www.youtube.com")||b.length>=2&&b[0].startsWith("at new")&&b[1].startsWith("at window.onerror");if(a.message==="Unexpected token")return!0;a=_.h(b);for(b=a.next();!b.done;b=a.next())if(b=b.value,!(b.includes("<anonymous>")|| equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: zd+"&aqi="+S+"&ad_rmp="+fa+"&sli="+fa}],errorPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=videoplayfailed[ERRORCODE]"}],mutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+v+"&cid="+ea+"&label=admute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+ equals www.youtube.com (Youtube)
Source: chromecache_569.2.drString found in binary or memory: {"name":"YouTube","short_name":"YouTube","background_color":"#FFFFFF","display":"minimal-ui","start_url":"/?feature\u003dytca","scope":"/","icons":[{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144_v2.png","sizes":"144x144","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_192x192_v2.png","sizes":"192x192","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_16x16.png","sizes":"16x16","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_32x32.png","sizes":"32x32","type":"image/png","purpose":"monochrome"},{"src":"https://fonts.gstatic.com/s/i/googlematerialicons/video_youtube/v11/white-48dp/1x/gm_video_youtube_white_48dp.png","sizes":"48x48","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_512x512.png","sizes":"512x512","type":"image/png","purpose":"monochrome"}],"theme_color":"#FF0000","gcm_sender_id":"402845223712","gcm_user_visible_only":true,"related_applications":[],"capture_links":"none","shortcuts":[{"name":"Subscriptions","url":"/feed/subscriptions?feature\u003dapp_shortcuts","icons":[{"src":"https://www.gstatic.com/youtube/img/web/shortcuts/subscriptions_512x512.png","sizes":"512x512","type":"image/png","purpose":"any monochrome"}]},{"name":"Explore","url":"/feed/explore?feature\u003dapp_shortcuts","icons":[{"src":"https://www.gstatic.com/youtube/img/web/shortcuts/explore_512x512.png","sizes":"512x512","type":"image/png","purpose":"any monochrome"}]}]} equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: {adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:Wc,offsetEndMilliseconds:Wc},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+S+"&m_pos="+ib+"&token=ALHj"+ba+"&index="+fa+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: {adPlacementRenderer:{config:{adPlacementConfig:{kind:"zf",adTimeOffset:{offsetStartMilliseconds:"63",offsetEndMilliseconds:"83"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"59",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: {baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewFullyViewableAudibleHalfDurationPings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+r+"&sig="+cb+"&ad_cpn=[AD_CPN]&id="+Sf+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]&avgm="+fa},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Sf+"&dc_pubid="+fa+"&dc_exteid="+Ab+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}], equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: {baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewViewablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+r+"&sig="+cb+"&ad_cpn=[AD_CPN]&id="+Sf+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Sf+"&dc_pubid="+fa+"&dc_exteid="+Ab+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}], equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: {baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+fa+";dc_exteid="+Ab+";met="+fa+";ecn"+fa+"="+fa+";etm1="+fa+";eid1="+Cb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],pingingEndpoint:{hack:!0}}]},adRendererCommands:{impressionCommand:{clickTrackingParams:Pd,commandExecutorCommand:{commands:[{clickTrackingParams:Pd,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&label=video_card_endcap_impression"}], equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: {baseUrl:"https://www.youtube.com/pagead/adview?ai=C"+B+"____________"+C+"AxAA&sigh="+zd+"&cid="+ea+"&ad_cpn=[AD_CPN]&lact=[LACT]"},{baseUrl:"https://www.youtube.com/api/stats/ads?ver="+fa+"&ns="+fa+"&event="+fa+"&device="+fa+"&content_v="+v+"&el="+ai+"&ei="+S+"&devicever="+c+"&bti="+Jb+"&format="+Wc+"&break_type="+fa+"&conn=[CONN]&cpn=[CPN]&lact=[LACT]&m_pos="+fa+"&mt=[MT]&p_h=[P_H]&p_w=[P_W]&rwt=[RWT]&sdkv="+bb+"&slot_pos="+fa+"&slot_len="+fa+"&vis=[VIS]&vol=[VOL]&wt=[WT]&ad_cpn=[AD_CPN]&ad_id="+ equals www.youtube.com (Youtube)
Source: chromecache_540.2.drString found in binary or memory: {instreamVideoAdRenderer:{skipOffsetMilliseconds:5E3,pings:{impressionPings:[{baseUrl:"https://ad.doubleclick.net/ddm/trackimp/N1957659.127733GOOGLE-YOUTUBE/B29940965.366940103;dc_trk_aid="+pd+";dc_trk_cid="+pd+";ord="+Vb+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+fa+";dc_rui="+fa+";dc_exteid="+Ab+";dc_av="+ib+";dc_sk="+fa+";dc_ctype="+Cb+";dc_ref=http://www.youtube.com/video/"+zd+";dc_pubid="+fa+";dc_btype=23?gclid="+Ja+"&ase=2",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}, equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: www.williamrubano.com
Source: global trafficDNS traffic detected: DNS query: 7fw.de
Source: global trafficDNS traffic detected: DNS query: api.pushbullet.com
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: i.ytimg.com
Source: global trafficDNS traffic detected: DNS query: rr2---sn-p5qs7n6d.googlevideo.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: static.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: youtube.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons2.gvt2.com
Source: unknownHTTP traffic detected: POST /v2/pushes HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 345Host: api.pushbullet.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 13 Mar 2025 01:28:16 GMTServer: ApacheContent-Length: 253Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundTiming-Allow-Origin: *Cross-Origin-Resource-Policy: cross-originContent-Type: image/jpegDate: Thu, 13 Mar 2025 01:28:32 GMTExpires: Thu, 13 Mar 2025 01:29:02 GMTCache-Control: public, max-age=30X-Content-Type-Options: nosniffServer: sffeContent-Length: 1097X-XSS-Protection: 0Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: Help.pdf.0.drString found in binary or memory: http://discord.gg/KYfD2MQ)
Source: chromecache_540.2.drString found in binary or memory: http://hammerjs.github.io/
Source: chromecache_540.2.drString found in binary or memory: http://i1.ytimg.com/vi/
Source: jscolor.js.0.drString found in binary or memory: http://jscolor.com
Source: jscolor.js.0.drString found in binary or memory: http://jscolor.com/examples/
Source: chromecache_540.2.drString found in binary or memory: http://mathiasbynens.be/
Source: chromecache_540.2.drString found in binary or memory: http://mths.be/fromcodepoint
Source: chromecache_540.2.drString found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_540.2.drString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_540.2.drString found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_540.2.drString found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exe, 00000000.00000003.1072738353.0000000006B5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.o
Source: chromecache_540.2.dr, chromecache_339.2.drString found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: chromecache_540.2.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_540.2.drString found in binary or memory: http://www.broofa.com
Source: chromecache_540.2.drString found in binary or memory: http://www.d-project.com/
Source: chromecache_540.2.drString found in binary or memory: http://www.denso-wave.com/qrcode/faqpatent-e.html
Source: chromecache_540.2.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exe, 00000000.00000003.866977957.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 60365164.ini.0.dr, 65503596.ini.0.dr, 82760448.ini.0.dr, 85265766.ini.0.drString found in binary or memory: http://www.williamrubano.com/upload/files/Rotate/Rotate.exe
Source: chromecache_540.2.drString found in binary or memory: http://www.youtube.com/
Source: chromecache_540.2.drString found in binary or memory: http://www.youtube.com/video/
Source: chromecache_339.2.drString found in binary or memory: http://www.youtube.com/videoplayback
Source: chromecache_339.2.drString found in binary or memory: http://youtube.com/drm/2012/10/10
Source: chromecache_339.2.drString found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: chromecache_339.2.drString found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: chromecache_339.2.drString found in binary or memory: http://youtube.com/yt/2012/10/10
Source: chromecache_540.2.drString found in binary or memory: https://accounts.google.com/AddSession
Source: chromecache_540.2.drString found in binary or memory: https://accounts.google.com/ServiceLogin
Source: chromecache_540.2.drString found in binary or memory: https://accounts.youtube.com/RotateCookiesPage?origin=https://www.youtube.com&yt_pid=
Source: chromecache_540.2.drString found in binary or memory: https://ad.doubleclick.net/ddm/trackclk/N444803.2428500DBMSITEID/B30029229.368252041;dc_trk_aid=
Source: chromecache_540.2.drString found in binary or memory: https://ad.doubleclick.net/ddm/trackimp/N1957659.127733GOOGLE-YOUTUBE/B29940965.366940103;dc_trk_aid
Source: chromecache_540.2.drString found in binary or memory: https://ad.doubleclick.net/ddm/trackimp/N444803.2428500DBMSITEID/B30029229.368252041;dc_trk_aid=
Source: chromecache_540.2.drString found in binary or memory: https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=
Source: chromecache_339.2.drString found in binary or memory: https://admin.youtube.com
Source: chromecache_540.2.dr, chromecache_339.2.drString found in binary or memory: https://angular.dev/license
Source: chromecache_540.2.drString found in binary or memory: https://angular.io/license
Source: chromecache_540.2.drString found in binary or memory: https://apis.google.com
Source: chromecache_540.2.drString found in binary or memory: https://apis.google.com/js/api.js
Source: ProfileEditor.exe.0.drString found in binary or memory: https://autohotkey.com
Source: ProfileEditor.exe.0.drString found in binary or memory: https://autohotkey.comCould
Source: chromecache_540.2.drString found in binary or memory: https://clients2.google.com/gr/gr_sync.js
Source: chromecache_339.2.drString found in binary or memory: https://docs.google.com/get_video_info
Source: chromecache_540.2.drString found in binary or memory: https://docs.google.com/picker
Source: chromecache_540.2.drString found in binary or memory: https://embeddedassistant-clients6.youtube.com/google.assistant.embedded.v1.EmbeddedAssistant/YTAssi
Source: chromecache_540.2.drString found in binary or memory: https://embeddedassistant-frontend-clients6.youtube.com/google.assistant.embedded.v1.EmbeddedAssista
Source: chromecache_540.2.drString found in binary or memory: https://embeddedassistant-frontend-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAs
Source: chromecache_540.2.drString found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/Y
Source: chromecache_513.2.drString found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_540.2.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: chromecache_540.2.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_540.2.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto_old:300italic
Source: chromecache_540.2.drString found in binary or memory: https://fonts.gstatic.com
Source: chromecache_540.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/
Source: chromecache_540.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_540.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_540.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_540.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_569.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/video_youtube/v11/white-48dp/1x/gm_video_youtube_w
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc-CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc2CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc3CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc5CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc0CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc1CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_524.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_380.2.drString found in binary or memory: https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_QOW4Ep0.woff2)
Source: chromecache_380.2.drString found in binary or memory: https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_R-W4Ep0.woff2)
Source: chromecache_380.2.drString found in binary or memory: https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2)
Source: chromecache_380.2.drString found in binary or memory: https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_S-W4Ep0.woff2)
Source: chromecache_380.2.drString found in binary or memory: https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_SeW4Ep0.woff2)
Source: chromecache_380.2.drString found in binary or memory: https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_SuW4Ep0.woff2)
Source: chromecache_513.2.drString found in binary or memory: https://fonts.gstatic.com/s/youtubesans/v30/Qw38ZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3
Source: chromecache_540.2.drString found in binary or memory: https://gamesnacks.com
Source: chromecache_540.2.drString found in binary or memory: https://garlo.com/enapa2%3Fgc_id%3D20599670093&label=video_click_to_advertiser_site&ctype=110
Source: chromecache_540.2.drString found in binary or memory: https://github.com/dmoscrop/fold-case
Source: chromecache_540.2.dr, chromecache_339.2.drString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: chromecache_540.2.drString found in binary or memory: https://i.ytimg.com/an/
Source: chromecache_540.2.drString found in binary or memory: https://i.ytimg.com/sb/
Source: chromecache_540.2.dr, chromecache_339.2.drString found in binary or memory: https://i.ytimg.com/vi/
Source: chromecache_540.2.drString found in binary or memory: https://i.ytimg.com/vi/AERLXaPKn_U/mqdefault.jpg
Source: chromecache_339.2.drString found in binary or memory: https://jnn-pa.googleapis.com
Source: chromecache_540.2.drString found in binary or memory: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Source: chromecache_540.2.drString found in binary or memory: https://mathiasbynens.be/
Source: chromecache_339.2.drString found in binary or memory: https://music.youtube.com
Source: chromecache_540.2.drString found in binary or memory: https://myaccount-autopush.corp.google.com
Source: chromecache_540.2.drString found in binary or memory: https://myaccount-dev.corp.google.com
Source: chromecache_540.2.drString found in binary or memory: https://myaccount-staging.corp.google.com
Source: chromecache_540.2.drString found in binary or memory: https://myaccount.google.com
Source: chromecache_540.2.drString found in binary or memory: https://oauth-redirect-sandbox.googleusercontent.com
Source: chromecache_540.2.drString found in binary or memory: https://oauth-redirect-test.googleusercontent.com
Source: chromecache_540.2.drString found in binary or memory: https://oauth-redirect.googleusercontent.com
Source: chromecache_540.2.drString found in binary or memory: https://pagead2.googlesyndication.com/activeview_ext?id=
Source: chromecache_540.2.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=dv&
Source: chromecache_540.2.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=error&bin=17
Source: chromecache_540.2.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fetch&later&lidartos
Source: chromecache_540.2.drString found in binary or memory: https://play.google.com
Source: chromecache_339.2.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_339.2.drString found in binary or memory: https://redux.js.org/api/store#subscribelistener
Source: chromecache_339.2.drString found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers
Source: chromecache_339.2.drString found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#middleware
Source: chromecache_339.2.drString found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-6-async-logic#using-the-redux-thunk-middleware
Source: chromecache_540.2.drString found in binary or memory: https://rr3---sn-n4v7sns7.googlevideo.com/videoplayback?expire=1697267654&source=youtube&requiressl=
Source: chromecache_540.2.drString found in binary or memory: https://s.youtube.com
Source: chromecache_540.2.drString found in binary or memory: https://s.youtube.com/api/stats/atr?docid=
Source: chromecache_540.2.drString found in binary or memory: https://s.youtube.com/api/stats/delayplay?cl=
Source: chromecache_540.2.drString found in binary or memory: https://s.youtube.com/api/stats/playback?cl=
Source: chromecache_540.2.drString found in binary or memory: https://s.youtube.com/api/stats/qoe?cl=
Source: chromecache_540.2.drString found in binary or memory: https://s.youtube.com/api/stats/watchtime?cl=
Source: chromecache_540.2.drString found in binary or memory: https://schema.org
Source: chromecache_540.2.drString found in binary or memory: https://ssl.gstatic.com/docs/doclist/images/icon_10_generic_list.png
Source: chromecache_540.2.drString found in binary or memory: https://studio.youtube.com/
Source: chromecache_540.2.drString found in binary or memory: https://support.google.com
Source: chromecache_540.2.drString found in binary or memory: https://support.google.com/
Source: chromecache_339.2.drString found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: chromecache_339.2.drString found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: chromecache_339.2.drString found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: chromecache_339.2.drString found in binary or memory: https://support.google.com/youtube/answer/3037019#check_ad_blockers&zippy=%2Ccheck-your-extensions-i
Source: chromecache_339.2.drString found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: chromecache_540.2.drString found in binary or memory: https://support.google.com/youtube/answer/9706180
Source: chromecache_540.2.drString found in binary or memory: https://support.google.com/youtube/bin/answer.py?answer=140536
Source: chromecache_540.2.drString found in binary or memory: https://tv.youtube.com
Source: chromecache_540.2.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_339.2.drString found in binary or memory: https://viacon.corp.google.com
Source: chromecache_540.2.drString found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_540.2.drString found in binary or memory: https://www.google.com
Source: chromecache_540.2.drString found in binary or memory: https://www.google.com/get/videoqualityreport/
Source: chromecache_540.2.drString found in binary or memory: https://www.google.com/get/videoqualityreport/?v=
Source: chromecache_540.2.drString found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true
Source: chromecache_540.2.drString found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true&hl=
Source: chromecache_540.2.drString found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_540.2.drString found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=C
Source: chromecache_540.2.drString found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=C3OQpfbUyZYWKL_Ken8RMFbClwAyRha6dc6fw7oP7EbaQHx
Source: chromecache_540.2.drString found in binary or memory: https://www.googleadservices.com/pagead/managed/js/activeview/
Source: chromecache_339.2.drString found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: chromecache_540.2.drString found in binary or memory: https://www.googletagmanager.com/ns.html?id=
Source: chromecache_540.2.drString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-5KBDVVN
Source: chromecache_540.2.drString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-TGBSZFB
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/external_hosted/lottie/lottie_light.js
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/google_guarantee_grey600_48dp.png
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/local_shipping_grey600_48dp.png
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/location_on_grey600_48dp.png
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/undo_grey600_48dp.png
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/annotations/youtube.png
Source: chromecache_569.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144_v2.png
Source: chromecache_569.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/branding/favicon/favicon_192x192_v2.png
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizCorrect_DarkTheme_01a.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizCorrect_LightTheme_01a.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizIncorrect_DarkTheme_01a.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/creator/posts/Lottie_QuizIncorrect_LightTheme_01a.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_curl_section_illustration_dark_v1.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_curl_section_illustration_light_v1.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_1_dark_v1.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_1_light_v1.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_2_dark_v1.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_2_light_v1.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_3_dark.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_3_light.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_4_dark.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_4_light.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_5_dark.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_5_light_v2.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_6_dark.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/handles/handles_squiggle_6_light.svg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/icons/web/
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/labs/early_access_web_background_expanded_ai_2x.jpg
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/livestream/live_chat/lottie_animation/shimmer_background.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_dark_v4.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_light_v4.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/custom_animated_like_icon/animated_like_valentines25_brok
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/custom_animated_like_icon/animated_like_valentines25_hear
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/playables_loading_animation/
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/smartimations/smartimation_border_
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_dark.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_light.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_container_
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_sparkles_
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/youchat_animations/progress_indicator_comp_v1.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/lottie/youchat_animations/progress_indicator_solo_v1.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_happy.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_meh.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_sad.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_unhappy.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_very_happy.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_happy.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_meh.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_sad.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_unhappy.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_very_happy.json
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/useredu/smart_downloads_optin_banner.gif
Source: chromecache_540.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/useredu/smart_downloads_optin_banner.svg
Source: chromecache_569.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/web/monochrome/logo_16x16.png
Source: chromecache_569.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/web/monochrome/logo_32x32.png
Source: chromecache_569.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/web/monochrome/logo_512x512.png
Source: chromecache_569.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/web/shortcuts/explore_512x512.png
Source: chromecache_569.2.drString found in binary or memory: https://www.gstatic.com/youtube/img/web/shortcuts/subscriptions_512x512.png
Source: chromecache_339.2.drString found in binary or memory: https://www.gstatic.com/ytlr/img/sign_in_avatar_default.png?rn=
Source: Payment.html.0.drString found in binary or memory: https://www.paypal.com/cgi-bin/webscr
Source: Payment.html.0.drString found in binary or memory: https://www.paypalobjects.com/en_US/i/btn/btn_subscribeCC_LG.gif
Source: Payment.html.0.drString found in binary or memory: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A
Source: chromecache_339.2.drString found in binary or memory: https://www.youtube.com/api/drm/fps?ek=
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/api/stats/ads?ver=
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/api/timedtext?v=
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/embed/
Source: chromecache_339.2.drString found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/get_midroll_info?ei=
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVx
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/howyoutubeworks/product-features/search/
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/iframe_api
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/pagead/adview?ai=C
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/pagead/interaction/?ai=C
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/pcs/activeview?xai=
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/ptracking?ei=
Source: chromecache_339.2.drString found in binary or memory: https://www.youtube.com/s/
Source: chromecache_540.2.drString found in binary or memory: https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=f
Source: chromecache_339.2.drString found in binary or memory: https://youtu.be/
Source: chromecache_540.2.drString found in binary or memory: https://youtube.com
Source: chromecache_339.2.drString found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: chromecache_540.2.drString found in binary or memory: https://youtube.com/watch?v=
Source: chromecache_339.2.drString found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: chromecache_540.2.drString found in binary or memory: https://yt3.ggpht.com/
Source: chromecache_540.2.drString found in binary or memory: https://yt3.ggpht.com/ytc/
Source: chromecache_339.2.drString found in binary or memory: https://yurt.corp.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49684
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49683
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 37.120.188.94:443 -> 192.168.2.7:49683 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.208.197.37:443 -> 192.168.2.7:49684 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.208.197.37:443 -> 192.168.2.7:49687 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Installs a global keyboard hook
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeWindows user hook set: 0 mouse low level C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeWindows user hook set: 0 mouse low level C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeJump to behavior

System Summary

barindex
Sample or dropped binary is a compiled AutoHotkey binary
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeWindow found: window name: AutoHotkeyJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir6892_1516477836Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir6892_1516477836Jump to behavior
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeStatic PE information: Resource name: RT_RCDATA type: DOS executable (COM)
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exe, 00000000.00000000.859257743.000000014051B000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename. vs SecuriteInfo.com.FileRepMalware.26489.28570.exe
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeBinary or memory string: OriginalFilename. vs SecuriteInfo.com.FileRepMalware.26489.28570.exe
Source: classification engineClassification label: mal72.spyw.winEXE@26/490@74/14
Source: Help.pdf.0.drInitial sample: http://discord.gg/kyfd2mq
Source: Help.pdf.0.drInitial sample: http://discord.gg/KYfD2MQ
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeFile created: C:\Users\user\Documents\RotateJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeMutant created: \Sessions\1\BaseNamedObjects\AHK Mouse
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeMutant created: \Sessions\1\BaseNamedObjects\AHK Keybd
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeFile created: C:\Users\user~1\AppData\Local\Temp\85265766.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeFile read: C:\Users\user\AppData\Local\Temp\85265766.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeReversingLabs: Detection: 26%
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeVirustotal: Detection: 39%
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=b-R38MGbZLo?autoplay=1&controls=2&loop=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2028 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4156 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3432 /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=b-R38MGbZLo?autoplay=1&controls=2&loop=1Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2028 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4156 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,775039850859433551,646617981819744554,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3432 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: iconcodecservice.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: winhttpcom.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeFile written: C:\Users\user\AppData\Local\Temp\85265766.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeStatic file information: File size 2672128 > 1048576
Source: SecuriteInfo.com.FileRepMalware.26489.28570.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x27e400
Source: Binary string: _.y(FDb,sE);FDb.prototype.getAssociations=function(){return[]};_.AE=new _.V("reelNonVideoContentEndpoint");_.kq=new _.V("reelWatchEndpoint");_.BE=new _.V("reelItemRenderer");var GDb=new _.V("reelMetapanelViewModel");_.HDb=new _.V("reelNonVideoContentRenderer");_.IDb=new _.V("reelPlayerOverlayRenderer");var JDb=new _.V("shortsLockupViewModel");var KDb=new _.V("sponsorButtonViewModel");var LDb=new _.V("reelItemWatchResponse");var MDb=new _.V("textBadgeRenderer");_.CE=new _.V("buttonRenderer");_.DE=new _.V("toggleButtonRenderer");var y1a=new _.V("switchButtonViewModel");_.NDb=new _.V("confirmDialogRenderer");var ODb;ODb=new _.V("menuRenderer");_.PDb=new _.V("menuFlexibleItemRenderer");var QDb=new _.V("pollRenderer");_.RDb=new _.V("backgroundPromoRenderer");var TDb;_.SDb=new _.V("chipCloudRenderer");TDb=new _.V("chipCloudChipRenderer");var UDb=new _.V("dropdownRenderer");var VDb=new _.V("gridVideoRenderer");_.t4a=new _.V("itemSectionRenderer");_.WDb=new _.V("messageRenderer");var XDb=new _.V("sortFilterHeaderRenderer");_.YDb=new _.V("videoRenderer");var ZDb=function(){sE.apply(this,arguments)}; source: chromecache_540.2.dr
Source: Binary string: _.f.resetFlexibleItems=function(){var a;if((a=this.data)!=null&&a.flexibleItems){_.w("web_fix_missing_action_buttons")||this.hostElement.removeEventListener("yt-rendererstamper-finished",this.maybeUpdateFlexibleMenu);var b;this.flexAsTopLevelButtons=(b=this.data.flexibleItems)==null?void 0:b.map(function(c){return _.x(c,_.PDb).topLevelButton}); source: chromecache_540.2.dr
Source: Binary string: _.f.computeItems=function(a,b){if(!a)return[];var c=[];if(b){var d=(a.flexibleItems||[]).map(function(k){return _.x(k,_.PDb)}); source: chromecache_540.2.dr
Source: Binary string: m=!1;if(a){var u,v,B;m=(((u=a.videoPrimaryInfoRenderer)==null?void 0:(v=u.videoActions)==null?void 0:(B=v.menuRenderer)==null?void 0:B.flexibleItems)||[]).some(function(C){C=_.x(C,_.PDb);if(!C)return!1;var G,M;C=(G=C.topLevelButton)==null?void 0:(M=G.buttonViewModel)==null?void 0:M.onTap;if(!C)return!1;G=_.fs(C);if(!G)return!1;var L;return((L=_.x(G,_.tw))==null?void 0:L.panelIdentifier)==="PAyouchat"})}m&&(u=_.w4a("PAyouchat"),u.engagementPanelSectionListRenderer.targetId="PAyouchat",u.engagementPanelSectionListRenderer.visibility= source: chromecache_540.2.dr
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1

Persistence and Installation Behavior

barindex
Drops PE files to the document folder of the user
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeFile created: C:\Users\user\Documents\Rotate\ProfileEditor.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeFile created: C:\Users\user\Documents\Rotate\ProfileEditor.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeWindow / User API: foregroundWindowGot 355Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeWindow / User API: foregroundWindowGot 626Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeDropped PE file which has not been started: C:\Users\user\Documents\Rotate\ProfileEditor.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe TID: 6580Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=b-R38MGbZLo?autoplay=1&controls=2&loop=1Jump to behavior
Source: ProfileEditor.exe.0.drBinary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowahk_idpidgroupclass%s%uProgram ManagerError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory"
Source: ProfileEditor.exe.0.drBinary or memory string: regk-hookm-hook2-hooksjoypollPART%i-%i(no)%s%s%s%s%s%s{Raw}%s%cHotstring max abbreviation length is 40.LEFTLRIGHTRMIDDLEMX1X2WUWDWLWRSendInputuser32{Blind}{ClickLl{}^+!#{}RawTempSsASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt sc%03Xvk%02XALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUPRtlGetVersionntdll.dll%u.%u.%u...%s[%Iu of %Iu]: %-1.60s%s\:\:HKLMHKEY_LOCAL_MACHINEHKCRHKEY_CLASSES_ROOTHKCCHKEY_CURRENT_CONFIGHKCUHKEY_CURRENT_USERHKUHKEY_USERSREG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYDefault3264LineRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDestroyNamePriorityInterruptNoTimersTypeONLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINTimeoutMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPClipboardAllComSpecFalseProgramFilesTrueAhkPathAhkVersionAppDataAppDataCommonBatchLinesCaretXCaretYComputerNameControlDelayCoordModeCaretCoordModeMenuCoordModeMouseCoordModePixelCoordModeToolTipCursorDDDDDDDDDDefaultGuiDefaultListViewDefaultMouseSpeedDefaultTreeViewDesktopDesktopCommonEndCharEventInfoExitReasonFormatFloatFormatIntegerGuiControlEventGuiEventGuiHeightGuiWidthGuiXGuiYHourIconFileIconHiddenIconNumberIconTipIndexIPAddress1IPAddress2IPAddress3IPAddress4Is64bitOSIsAdminIsCompiledIsCriticalIsPausedIsSuspendedIsUnicodeKeyDelayKeyDelayPlayKeyDurationKeyDurationPlayLanguageLastErrorLineFileLineNumberLoopFieldLoopFileAttribLoopFileDirLoopFileExtLoopFileFullPathLoopFileLongPathLoopFileNameLoopFileShortNameLoopFileShortPathLoopFileSizeLoopFileSizeKBLoopFileSizeMBLoopFileTimeAccessedLoopFileTimeCreatedLoopFileTimeModifiedLoopReadLineLoopRegKeyLoopRegNameLoopRegSubKeyLoopRegTimeModifiedLoopRegTypeMDayMinMMMMMMMMMMonMouseDelayMouseDelayPlayMSecMyDocumentsNowNowUTCNumBatchLinesOSTypeOSVersionPriorHotkeyPriorKeyProgramsProgramsCommonPtrSizeRegViewScreenDPIScreenHeightScreenWidthScriptDirScriptFullPathScriptHwndScriptNameSecStartMenuStartMenuCommonStartupStartupCommonStoreCapslockModeThisFuncThisHotkeyThisLabelThisMenuThisMenuItemThisMenuItemPosTickCountTimeIdleTimeIdlePhysicalTimeSincePriorHotkeyTimeSinceThisHotkeyTitleMatchModeTitleMatchModeSpeedUserNameWDayWinDelayWinDirWorkingDirYDayYearYWeekYYYYRemoveClipboardFormatListenerAddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMe%s\%sRegClassAutoHotkey2Shell_TrayWndCreateWindoweditLucida ConsoleConsolasCritical Error: %s
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\icon42.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\profilename ui.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\paypal gui.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\paypal gui with buttons.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate gui base.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate gui with buttons.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate gui with log.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate gui with buttons and log.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate minimized.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate minimized on.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate minimized off.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status1off.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status1on.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status2off.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status2on.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status3off.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status3on.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status4off.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\status4on.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate on.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\rotate off.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\Skin\ItemBack.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\Skin\ItemGlow.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exeQueries volume information: C:\Users\user\Documents\Rotate\loc.png VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		Windows Management Instrumentation1
Browser Extensions		12
Process Injection		11
Masquerading		111
Input Capture		1
Virtualization/Sandbox Evasion		Remote Services111
Input Capture		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		12
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS2
File and Directory Discovery		Distributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Software Packing		LSA Secrets11
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
File Deletion		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Extra Window Memory Injection		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1636714 Sample: SecuriteInfo.com.FileRepMal... Startdate: 13/03/2025 Architecture: WINDOWS Score: 72 31 www.williamrubano.com 2->31 33 williamrubano.com 2->33 35 6 other IPs or domains 2->35 49 Antivirus / Scanner detection for submitted sample 2->49 51 Multi AV Scanner detection for submitted file 2->51 53 AI detected suspicious Javascript 2->53 8 SecuriteInfo.com.FileRepMalware.26489.28570.exe 1 79 2->8         started        signatures3 process4 dnsIp5 37 williamrubano.com 109.106.250.110, 49681, 49727, 49904 NETNET-ASRS Serbia 8->37 39 7fw.de 37.120.188.94, 443, 49682, 49683 NETCUP-ASnetcupGmbHDE Germany 8->39 41 2 other IPs or domains 8->41 23 C:\Users\user\Documents\...\ProfileEditor.exe, PE32+ 8->23 dropped 55 Drops PE files to the document folder of the user 8->55 57 Installs a global keyboard hook 8->57 59 Sample or dropped binary is a compiled AutoHotkey binary 8->59 13 chrome.exe 2 8->13         started        file6 signatures7 process8 dnsIp9 43 192.168.2.13 unknown unknown 13->43 45 192.168.2.23 unknown unknown 13->45 47 192.168.2.7, 138, 27015, 443 unknown unknown 13->47 16 chrome.exe 13->16         started        19 chrome.exe 13->19         started        21 chrome.exe 6 13->21         started        process10 dnsIp11 25 142.250.184.238, 49689, 80 GOOGLEUS United States 16->25 27 142.250.186.132, 443, 49744, 49764 GOOGLEUS United States 16->27 29 14 other IPs or domains 16->29

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecuriteInfo.com.FileRepMalware.26489.28570.exe26%ReversingLabsWin32.Phishing.Generic
SecuriteInfo.com.FileRepMalware.26489.28570.exe40%VirustotalBrowse
SecuriteInfo.com.FileRepMalware.26489.28570.exe100%AviraTR/Spy.Bobik.nelwe

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\Documents\Rotate\ProfileEditor.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.williamrubano.com/upload/files/Rotate/Rotate.exe0%Avira URL Cloudsafe
http://jscolor.com0%Avira URL Cloudsafe
https://myaccount-staging.corp.google.com0%Avira URL Cloudsafe
http://jscolor.com/examples/0%Avira URL Cloudsafe
http://www.williamrubano.com/upload/files/Rotate/Rotate.ini0%Avira URL Cloudsafe
https://garlo.com/enapa2%3Fgc_id%3D20599670093&label=video_click_to_advertiser_site&ctype=1100%Avira URL Cloudsafe
http://mths.be/fromcodepoint0%Avira URL Cloudsafe
http://7fw.de/ipraw.php0%Avira URL Cloudsafe
http://purl.o0%Avira URL Cloudsafe
https://myaccount-autopush.corp.google.com0%Avira URL Cloudsafe
https://myaccount-dev.corp.google.com0%Avira URL Cloudsafe
https://oauth-redirect-test.googleusercontent.com0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
i.ytimg.com
142.250.186.54
truefalse
    		high
    beacons-handoff.gcp.gvt2.com
    		142.251.143.67
    		truefalse
      		high
      7fw.de
      		37.120.188.94
      		truefalse
        		unknown
        beacons2.gvt2.com
        		216.239.32.3
        		truefalse
          		high
          api.pushbullet.com
          		35.208.197.37
          		truefalse
            		high
            beacons.gvt2.com
            		142.250.180.67
            		truefalse
              		high
              static.doubleclick.net
              		216.58.206.38
              		truefalse
                		high
                youtube.com
                		216.58.206.78
                		truefalse
                  		high
                  williamrubano.com
                  		109.106.250.110
                  		truefalse
                    		unknown
                    youtube-ui.l.google.com
                    		142.250.186.110
                    		truefalse
                      		high
                      googleads.g.doubleclick.net
                      		172.217.18.98
                      		truefalse
                        		high
                        play.google.com
                        		142.250.186.46
                        		truefalse
                          		high
                          www.google.com
                          		142.250.186.164
                          		truefalse
                            		high
                            rr2.sn-p5qs7n6d.googlevideo.com
                            		173.194.7.199
                            		truefalse
                              		high
                              www.williamrubano.com
                              		unknown
                              		unknownfalse
                                		unknown
                                beacons.gcp.gvt2.com
                                		unknown
                                		unknownfalse
                                  		high
                                  rr2---sn-p5qs7n6d.googlevideo.com
                                  		unknown
                                  		unknownfalse
                                    		high
                                    www.youtube.com
                                    		unknown
                                    		unknownfalse
                                      		high

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      https://i.ytimg.com/generate_204false
                                        		high
                                        https://googleads.g.doubleclick.net/pagead/id?slf_rd=1false
                                          		high
                                          https://static.doubleclick.net/instream/ad_status.jsfalse
                                            		high
                                            https://googleads.g.doubleclick.net/pagead/idfalse
                                              		high
                                              http://www.williamrubano.com/upload/files/Rotate/Rotate.inifalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://i.ytimg.com/vi/b-R38MGbZLo?autoplay=1/hqdefault.jpgfalse
                                                		high
                                                https://api.pushbullet.com/v2/pushesfalse
                                                  		high
                                                  http://7fw.de/ipraw.phpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.google.com/pagead/lvz?evtid=ACd6KtyM0J1dYpHMqINeqBLpl-NBy_jwHubG-cgyjCx729vjvMiBCC9miLNWjw1k6RxwV36Ifva_ekuXb-171oupB6cYM6PSrw&req_ts=1741829310&pg=MainAppBootstrap%3AWatch&az=1&sigh=AB9vU42kyxR20IObZeLKUKtg8FMuJzzJOAfalse
                                                    		high
                                                    https://rr2---sn-p5qs7n6d.googlevideo.com/generate_204?conn2false
                                                      		high

                                                      URLs from Memory and Binaries

                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                      http://www.williamrubano.com/upload/files/Rotate/Rotate.exeSecuriteInfo.com.FileRepMalware.26489.28570.exe, 00000000.00000003.866977957.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 60365164.ini.0.dr, 65503596.ini.0.dr, 82760448.ini.0.dr, 85265766.ini.0.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://www.google.com/get/videoqualityreport/chromecache_540.2.drfalse
                                                        		high
                                                        https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancerschromecache_339.2.drfalse
                                                          		high
                                                          https://s.youtube.com/api/stats/delayplay?cl=chromecache_540.2.drfalse
                                                            		high
                                                            http://www.broofa.comchromecache_540.2.drfalse
                                                              		high
                                                              https://s.youtube.com/api/stats/atr?docid=chromecache_540.2.drfalse
                                                                		high
                                                                http://www.youtube.com/video/chromecache_540.2.drfalse
                                                                  		high
                                                                  https://autohotkey.comProfileEditor.exe.0.drfalse
                                                                    		high
                                                                    https://support.google.com/youtube/answer/9706180chromecache_540.2.drfalse
                                                                      		high
                                                                      https://support.google.comchromecache_540.2.drfalse
                                                                        		high
                                                                        https://www.youtube.com/embed/chromecache_540.2.drfalse
                                                                          		high
                                                                          https://www.paypal.com/cgi-bin/webscrPayment.html.0.drfalse
                                                                            		high
                                                                            http://jscolor.comjscolor.js.0.drfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://youtube.com/streaming/otf/durations/112015chromecache_339.2.drfalse
                                                                              		high
                                                                              http://polymer.github.io/AUTHORS.txtchromecache_540.2.drfalse
                                                                                		high
                                                                                https://www.youtube.comchromecache_540.2.drfalse
                                                                                  		high
                                                                                  https://www.google.comchromecache_540.2.drfalse
                                                                                    		high
                                                                                    https://www.youtube.com/iframe_apichromecache_540.2.drfalse
                                                                                      		high
                                                                                      https://www.youtube.com/s/chromecache_339.2.drfalse
                                                                                        		high
                                                                                        http://www.denso-wave.com/qrcode/faqpatent-e.htmlchromecache_540.2.drfalse
                                                                                          		high
                                                                                          https://www.google.com/get/videoqualityreport/?v=chromecache_540.2.drfalse
                                                                                            		high
                                                                                            https://www.google.com/recaptcha/api.js?trustedtypes=true&hl=chromecache_540.2.drfalse
                                                                                              		high
                                                                                              https://www.youtube.com/api/timedtext?v=chromecache_540.2.drfalse
                                                                                                		high
                                                                                                http://www.opensource.org/licenses/mit-license.phpchromecache_540.2.drfalse
                                                                                                  		high
                                                                                                  https://admin.youtube.comchromecache_339.2.drfalse
                                                                                                    		high
                                                                                                    https://www.youtube.com/api/drm/fps?ek=chromecache_339.2.drfalse
                                                                                                      		high
                                                                                                      https://redux.js.org/tutorials/fundamentals/part-4-store#middlewarechromecache_339.2.drfalse
                                                                                                        		high
                                                                                                        https://s.youtube.comchromecache_540.2.drfalse
                                                                                                          		high
                                                                                                          https://i.ytimg.com/an/chromecache_540.2.drfalse
                                                                                                            		high
                                                                                                            https://www.youtube.com/api/stats/ads?ver=chromecache_540.2.drfalse
                                                                                                              		high
                                                                                                              https://yt3.ggpht.com/ytc/chromecache_540.2.drfalse
                                                                                                                		high
                                                                                                                https://github.com/madler/zlib/blob/master/zlib.hchromecache_540.2.dr, chromecache_339.2.drfalse
                                                                                                                  		high
                                                                                                                  https://yurt.corp.google.comchromecache_339.2.drfalse
                                                                                                                    		high
                                                                                                                    https://myaccount-autopush.corp.google.comchromecache_540.2.drfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://viacon.corp.google.comchromecache_339.2.drfalse
                                                                                                                      		high
                                                                                                                      https://www.google.com/tools/feedbackchromecache_540.2.drfalse
                                                                                                                        		high
                                                                                                                        https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=fchromecache_540.2.drfalse
                                                                                                                          		high
                                                                                                                          https://www.youtube.com/pagead/interaction/?ai=Cchromecache_540.2.drfalse
                                                                                                                            		high
                                                                                                                            https://ad.doubleclick.net/ddm/trackimp/N1957659.127733GOOGLE-YOUTUBE/B29940965.366940103;dc_trk_aidchromecache_540.2.drfalse
                                                                                                                              		high
                                                                                                                              https://www.youtube.com/generate_204?cpn=chromecache_339.2.drfalse
                                                                                                                                		high
                                                                                                                                https://www.google.com/recaptcha/api.js?trustedtypes=truechromecache_540.2.drfalse
                                                                                                                                  		high
                                                                                                                                  https://apis.google.com/js/api.jschromecache_540.2.drfalse
                                                                                                                                    		high
                                                                                                                                    http://polymer.github.io/PATENTS.txtchromecache_540.2.drfalse
                                                                                                                                      		high
                                                                                                                                      https://s.youtube.com/api/stats/qoe?cl=chromecache_540.2.drfalse
                                                                                                                                        		high
                                                                                                                                        https://docs.google.com/pickerchromecache_540.2.drfalse
                                                                                                                                          		high
                                                                                                                                          https://support.google.com/youtube/answer/6276924chromecache_339.2.drfalse
                                                                                                                                            		high
                                                                                                                                            https://schema.orgchromecache_540.2.drfalse
                                                                                                                                              		high
                                                                                                                                              http://polymer.github.io/LICENSE.txtchromecache_540.2.drfalse
                                                                                                                                                		high
                                                                                                                                                https://www.youtube.com/chromecache_540.2.drfalse
                                                                                                                                                  		high
                                                                                                                                                  http://youtube.com/yt/2012/10/10chromecache_339.2.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://myaccount-staging.corp.google.comchromecache_540.2.drfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    http://mathiasbynens.be/chromecache_540.2.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://play.google.com/log?format=json&hasfast=truechromecache_339.2.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://youtube.com/watch?v=chromecache_540.2.drfalse
                                                                                                                                                          		high
                                                                                                                                                          https://github.com/dmoscrop/fold-casechromecache_540.2.drfalse
                                                                                                                                                            		high
                                                                                                                                                            https://www.youtube.com/ptracking?ei=chromecache_540.2.drfalse
                                                                                                                                                              		high
                                                                                                                                                              http://tools.ietf.org/html/rfc1950chromecache_540.2.dr, chromecache_339.2.drfalse
                                                                                                                                                                		high
                                                                                                                                                                http://www.youtube.com/chromecache_540.2.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://www.youtube.com/videoplaybackchromecache_339.2.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://jscolor.com/examples/jscolor.js.0.drfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://www.youtube.com/pcs/activeview?xai=chromecache_540.2.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://support.google.com/youtube/bin/answer.py?answer=140536chromecache_540.2.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=Achromecache_540.2.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxchromecache_540.2.drfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://garlo.com/enapa2%3Fgc_id%3D20599670093&label=video_click_to_advertiser_site&ctype=110chromecache_540.2.drfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://fonts.google.com/license/googlerestrictedchromecache_513.2.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://s.youtube.com/api/stats/watchtime?cl=chromecache_540.2.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://support.google.com/youtube/?p=missing_qualitychromecache_339.2.drfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://discord.gg/KYfD2MQ)Help.pdf.0.drfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://ad.doubleclick.net/ddm/trackimp/N444803.2428500DBMSITEID/B30029229.368252041;dc_trk_aid=chromecache_540.2.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://play.google.comchromecache_540.2.drfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://purl.oSecuriteInfo.com.FileRepMalware.26489.28570.exe, 00000000.00000003.1072738353.0000000006B5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        http://i1.ytimg.com/vi/chromecache_540.2.drfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://support.google.com/youtube/?p=report_playbackchromecache_339.2.drfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://angular.dev/licensechromecache_540.2.dr, chromecache_339.2.drfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://tv.youtube.comchromecache_540.2.drfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://youtube.com/streaming/metadata/segment/102015chromecache_339.2.drfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://youtu.be/chromecache_339.2.drfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://support.google.com/chromecache_540.2.drfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://mths.be/fromcodepointchromecache_540.2.drfalse
                                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      https://www.paypalobjects.com/en_US/i/btn/btn_subscribeCC_LG.gifPayment.html.0.drfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://embeddedassistant-frontend-clients6.youtube.com/google.assistant.embedded.v1.EmbeddedAssistachromecache_540.2.drfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://support.google.com/youtube/answer/3037019#check_ad_blockers&zippy=%2Ccheck-your-extensions-ichromecache_339.2.drfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://yt3.ggpht.com/chromecache_540.2.drfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://apis.google.comchromecache_540.2.drfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://polymer.github.io/CONTRIBUTORS.txtchromecache_540.2.drfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://autohotkey.comCouldProfileEditor.exe.0.drfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://oauth-redirect-test.googleusercontent.comchromecache_540.2.drfalse
                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    https://studio.youtube.com/chromecache_540.2.drfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://myaccount-dev.corp.google.comchromecache_540.2.drfalse
                                                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                                                      		unknown

                                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                      35.208.197.37
                                                                                                                                                                                                                      		api.pushbullet.comUnited States
                                                                                                                                                                                                                      		19527GOOGLE-2USfalse
                                                                                                                                                                                                                      109.106.250.110
                                                                                                                                                                                                                      		williamrubano.comSerbia
                                                                                                                                                                                                                      		199493NETNET-ASRSfalse
                                                                                                                                                                                                                      173.194.7.199
                                                                                                                                                                                                                      		rr2.sn-p5qs7n6d.googlevideo.comUnited States
                                                                                                                                                                                                                      		15169GOOGLEUSfalse
                                                                                                                                                                                                                      37.120.188.94
                                                                                                                                                                                                                      		7fw.deGermany
                                                                                                                                                                                                                      		197540NETCUP-ASnetcupGmbHDEfalse
                                                                                                                                                                                                                      216.58.206.38
                                                                                                                                                                                                                      		static.doubleclick.netUnited States
                                                                                                                                                                                                                      		15169GOOGLEUSfalse
                                                                                                                                                                                                                      172.106.34.219
                                                                                                                                                                                                                      		unknownUnited States
                                                                                                                                                                                                                      		40676AS40676USfalse
                                                                                                                                                                                                                      142.250.186.132
                                                                                                                                                                                                                      		unknownUnited States
                                                                                                                                                                                                                      		15169GOOGLEUSfalse
                                                                                                                                                                                                                      172.217.18.98
                                                                                                                                                                                                                      		googleads.g.doubleclick.netUnited States
                                                                                                                                                                                                                      		15169GOOGLEUSfalse
                                                                                                                                                                                                                      142.250.186.54
                                                                                                                                                                                                                      		i.ytimg.comUnited States
                                                                                                                                                                                                                      		15169GOOGLEUSfalse
                                                                                                                                                                                                                      142.250.186.164
                                                                                                                                                                                                                      		www.google.comUnited States
                                                                                                                                                                                                                      		15169GOOGLEUSfalse
                                                                                                                                                                                                                      142.250.184.238
                                                                                                                                                                                                                      		unknownUnited States
                                                                                                                                                                                                                      		15169GOOGLEUSfalse

                                                                                                                                                                                                                      Private

                                                                                                                                                                                                                      IP
                                                                                                                                                                                                                      192.168.2.7
                                                                                                                                                                                                                      192.168.2.23
                                                                                                                                                                                                                      192.168.2.13

                                                                                                                                                                                                                      General Information

                                                                                                                                                                                                                      Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                      Analysis ID:1636714
                                                                                                                                                                                                                      Start date and time:2025-03-13 02:27:19 +01:00
                                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                      Overall analysis duration:0h 5m 40s
                                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                      Number of analysed new started processes analysed:18
                                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                                      Sample name:SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                                      Classification:mal72.spyw.winEXE@26/490@74/14
                                                                                                                                                                                                                      EGA Information:Failed
                                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                                      • Number of executed functions: 0
                                                                                                                                                                                                                      • Number of non-executed functions: 0
                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.251.173.84, 199.232.214.172, 142.250.185.138, 172.217.18.110, 216.58.206.67, 108.177.15.84, 216.58.212.163, 142.250.185.74, 142.250.186.42, 172.217.16.202, 142.250.184.202, 142.250.185.170, 172.217.23.106, 142.250.186.138, 142.250.186.74, 216.58.212.170, 142.250.186.106, 142.250.185.202, 142.250.181.234, 216.58.206.42, 142.250.185.106, 142.250.186.170, 142.250.186.46, 142.250.186.163, 172.217.18.99, 142.250.186.67, 142.250.110.84, 172.217.16.131, 142.250.186.110, 216.58.206.46, 142.250.185.206, 216.58.212.142, 142.250.185.110, 142.250.185.142, 142.250.181.238, 216.58.206.78, 4.175.87.197, 23.60.203.209
                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, c.pki.goog
                                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                                      21:28:10API Interceptor3x Sleep call for process: SecuriteInfo.com.FileRepMalware.26489.28570.exe modified

                                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                                      IPs

                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                      Domains

                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      beacons-handoff.gcp.gvt2.comhttps://icsmik.ru/assets/images/ammmmmmm/zy.php?main_domain=http://mail.hdasan.com&email=hdasan@hdasan.com&subdomain=http://mail.hdasan.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 142.250.184.195
                                                                                                                                                                                                                      https://briefingmeetup.deGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                      • 142.250.180.99
                                                                                                                                                                                                                      https://rebrand.ly/1bbw71eGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                      • 142.250.180.67
                                                                                                                                                                                                                      http://mainwwlinkadmin041.z19.web.core.windows.net/winside/00Windbndktw0win11advance/index.html#Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                                                                                      • 142.251.143.67
                                                                                                                                                                                                                      baseball-lineup-21.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.251.143.35
                                                                                                                                                                                                                      http://journal.afebi.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.185.163
                                                                                                                                                                                                                      https://sites.google.com/view/rfdzxgffg/homeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.185.163
                                                                                                                                                                                                                      Robert Martin shared _Clarion Security _ with you {Ref _8589}.emlGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                                                                                                                                                                      • 142.251.143.35
                                                                                                                                                                                                                      https://ipfs.io/ipfs/bafybeifbvu36kut5mx2cahzdxelyzulfz3gn6ptz5ul63rbub7ljlt3pjyGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 142.251.143.35
                                                                                                                                                                                                                      https://simplified.com/designs/cd97e327-288b-43f7-99e7-024626ab4a8c/share?utm_content=cd97e327-288b-43f7-99e7-024626ab4a8c&utm_campaign=share&utm_medium=link&utm_source=projectlinksGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                      • 142.250.184.195
                                                                                                                                                                                                                      beacons.gvt2.comhttp://mainwwlinkadmin041.z19.web.core.windows.net/winside/00Windbndktw0win11advance/index.html#Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                                                                                      • 142.251.143.67
                                                                                                                                                                                                                      baseball-lineup-21.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.251.143.67
                                                                                                                                                                                                                      https://sites.google.com/view/rfdzxgffg/homeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.180.99
                                                                                                                                                                                                                      Robert Martin shared _Clarion Security _ with you {Ref _8589}.emlGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                                                                                                                                                                      • 142.251.143.35
                                                                                                                                                                                                                      https://simplified.com/designs/cd97e327-288b-43f7-99e7-024626ab4a8c/share?utm_content=cd97e327-288b-43f7-99e7-024626ab4a8c&utm_campaign=share&utm_medium=link&utm_source=projectlinksGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                      • 142.251.143.35
                                                                                                                                                                                                                      https://masterticrd.com.do/Get hashmaliciousAnonymous ProxyBrowse
                                                                                                                                                                                                                      • 142.250.180.99
                                                                                                                                                                                                                      http://americanlibertywatch.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.180.99
                                                                                                                                                                                                                      https://pinhgview.sbs/4gf42/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.251.143.67
                                                                                                                                                                                                                      REFUND STATUS.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.251.143.35
                                                                                                                                                                                                                      https://go.51.caGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.185.227
                                                                                                                                                                                                                      beacons2.gvt2.combaseball-lineup-21.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.251.143.35
                                                                                                                                                                                                                      https://sites.google.com/view/rfdzxgffg/homeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.75.35
                                                                                                                                                                                                                      Robert Martin shared _Clarion Security _ with you {Ref _8589}.emlGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                                                                                                                                                                      • 142.250.199.99
                                                                                                                                                                                                                      https://simplified.com/designs/cd97e327-288b-43f7-99e7-024626ab4a8c/share?utm_content=cd97e327-288b-43f7-99e7-024626ab4a8c&utm_campaign=share&utm_medium=link&utm_source=projectlinksGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                      • 142.250.183.3
                                                                                                                                                                                                                      https://masterticrd.com.do/Get hashmaliciousAnonymous ProxyBrowse
                                                                                                                                                                                                                      • 142.251.42.3
                                                                                                                                                                                                                      https://go.51.caGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 172.217.169.3
                                                                                                                                                                                                                      Inv#8653763981_2sfgPaymentAdvice.svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 216.239.32.3
                                                                                                                                                                                                                      https://marktmagie.com/auth8523796254hfdhsf734/ogo00dex.html#uiptcgcu@uiprail.orgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 216.58.212.163
                                                                                                                                                                                                                      https://www.directhealthcaregroup.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.69.3
                                                                                                                                                                                                                      .svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 142.251.135.67

                                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      AS40676USReport.ps1Get hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                      • 207.231.111.82
                                                                                                                                                                                                                      FSAvKBG0I5.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                      • 207.231.111.146
                                                                                                                                                                                                                      https://xegan4.site/nD4M/dW5.xlsGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                      • 45.61.136.230
                                                                                                                                                                                                                      https://tjjrotk.bishirian.my/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 45.11.92.141
                                                                                                                                                                                                                      Theresa Badham_blmgmxdkjbwlx.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 45.11.92.141
                                                                                                                                                                                                                      Emma Sparkes_cmrdpkuyjxetud.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 45.11.92.141
                                                                                                                                                                                                                      https://t.co/mY98iSAcuvGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 45.11.92.141
                                                                                                                                                                                                                      Maria Sit_imccwzlgvfw.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 45.11.92.141
                                                                                                                                                                                                                      nklarm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 192.154.214.10
                                                                                                                                                                                                                      apep.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 38.39.193.136
                                                                                                                                                                                                                      NETCUP-ASnetcupGmbHDEySUB97Jq80.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                      • 46.38.243.234
                                                                                                                                                                                                                      xmGCsTzlDA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 46.38.243.234
                                                                                                                                                                                                                      ungziped_file.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 92.60.36.190
                                                                                                                                                                                                                      1YDqrpKZwA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 46.38.243.234
                                                                                                                                                                                                                      l46MzH3L15.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                      • 92.60.36.190
                                                                                                                                                                                                                      CP07E1clp1.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 46.38.243.234
                                                                                                                                                                                                                      1x165rHRi9.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 46.38.243.234
                                                                                                                                                                                                                      justificante de transferencia09454545.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                      • 46.38.243.234
                                                                                                                                                                                                                      yakov.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                      • 94.16.121.129
                                                                                                                                                                                                                      res.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 193.30.120.149
                                                                                                                                                                                                                      NETNET-ASRSx86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                      • 109.106.253.255
                                                                                                                                                                                                                      http://www.heisateam.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 109.106.251.196
                                                                                                                                                                                                                      faBNhIKHq4.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                                                                                                                                                                      • 109.106.253.207
                                                                                                                                                                                                                      c5018a3915e8a9de41e083f7936c2d232b9a73ba41c8c07fb7b2d90d5f5d8e8e_dump.exeGet hashmaliciousSystemBCBrowse
                                                                                                                                                                                                                      • 109.106.251.156
                                                                                                                                                                                                                      Focus Insolvency Group.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 109.106.244.42
                                                                                                                                                                                                                      Chasebank_Statement_May lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 109.106.251.61
                                                                                                                                                                                                                      Focus Insolvency Group.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 109.106.244.42
                                                                                                                                                                                                                      https://sc8ea2khgjb.larksuite.com/wiki/UkrEwQZrniX2W9k8XnsuiGKMspe?from=from_copylinkGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 109.106.244.42
                                                                                                                                                                                                                      https://sites.google.com/view/scanned-files-f4eDI/google-pdf?file=Chasebank_Statement_May.pdf&fid=24808430Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 109.106.248.198
                                                                                                                                                                                                                      https://mailtrack.io/l/95aacca2537b6b72fbedc193596da82ad5881695#=Y3VzdG9tZXJzZXJ2aWNlQG9mZmljaWFscGF5bWVudHMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 109.106.244.42
                                                                                                                                                                                                                      GOOGLE-2UShttps://tb.boldntfst.shop/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.214.184.4
                                                                                                                                                                                                                      http://americanlibertywatch.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.214.136.108
                                                                                                                                                                                                                      https://nr.chadwickbarros.cl/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.214.184.4
                                                                                                                                                                                                                      https://mr.nerfcancun.top/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.214.184.4
                                                                                                                                                                                                                      https://url.za.m.mimecastprotect.com/s/Ivf4CP1JJ7tDgn1nTzfDUxKUj5?domain=pioneerselectricals.aeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.215.110.77
                                                                                                                                                                                                                      https://cdn-facxxx.b-cdn.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.207.24.13
                                                                                                                                                                                                                      https://cdn-facxxx.b-cdn.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.207.24.13
                                                                                                                                                                                                                      f492136216_mpengine_dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.208.249.213
                                                                                                                                                                                                                      ADFoyxP.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.212.192.196
                                                                                                                                                                                                                      updated quotation.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 35.206.102.58

                                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1SpaceCheatFort.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      SpaceCheatFort.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      Aura.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      baseball-lineup-21.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      baseball-lineup-21.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      signed contract 01.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      PAYMENT ADVICE.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      Document.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 35.208.197.37
                                                                                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19Bill Of Ladding & PL AWB No.1669134316.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      Payment_Advise.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      FAKTURA-P-4526485-2742747722-00043067#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      4500149631.vbeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      comprobante de pago.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      comprobante de pago.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      yJLckVp9HE.exeGet hashmaliciousFatalRAT, GhostRat, NitolBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      yJLckVp9HE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 37.120.188.94
                                                                                                                                                                                                                      DTSSymmetryDLL.dll.dllGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                                                                                                                                                                      • 37.120.188.94

                                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\60365164.ini

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):206
                                                                                                                                                                                                                      Entropy (8bit):3.4873119016736696
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Q+2lRcbLmRlcv5G6VlB6N4xxMTxlaRglWwEqkKlgDMRlAHDMRlAUA2vln:Q+2lqbucM64l+gJEqDl8wAjwABY
                                                                                                                                                                                                                      MD5:DE741837CC8EB3B50A4BA8B78DD1A8E2
                                                                                                                                                                                                                      SHA1:13AF4AF058560B9BF2786742BC0B91AFF5111CE5
                                                                                                                                                                                                                      SHA-256:C406D425C2D1778B132A55FE3893E92852976FC0C0A630AAC669CB1318CC13CC
                                                                                                                                                                                                                      SHA-512:6FC5F5FF2F93B5181668CFC1C5737639FF65CD26C8BB359AC63B6A493A9C52D2824E33E2F4C00FAF05ED33FA76A83F67C2A4F3C1E3DE0CC375B2CF7A3FE83C88
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:..[.I.n.f.o.].....V.e.r.s.i.o.n.=.4...5.7.....F.o.r.c.e.U.p.d.a.t.e.=.0.....U.R.L.=.h.t.t.p.:././.w.w.w...w.i.l.l.i.a.m.r.u.b.a.n.o...c.o.m./.u.p.l.o.a.d./.f.i.l.e.s./.R.o.t.a.t.e./.R.o.t.a.t.e...e.x.e.....

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\65503596.ini

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):206
                                                                                                                                                                                                                      Entropy (8bit):3.4873119016736696
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Q+2lRcbLmRlcv5G6VlB6N4xxMTxlaRglWwEqkKlgDMRlAHDMRlAUA2vln:Q+2lqbucM64l+gJEqDl8wAjwABY
                                                                                                                                                                                                                      MD5:DE741837CC8EB3B50A4BA8B78DD1A8E2
                                                                                                                                                                                                                      SHA1:13AF4AF058560B9BF2786742BC0B91AFF5111CE5
                                                                                                                                                                                                                      SHA-256:C406D425C2D1778B132A55FE3893E92852976FC0C0A630AAC669CB1318CC13CC
                                                                                                                                                                                                                      SHA-512:6FC5F5FF2F93B5181668CFC1C5737639FF65CD26C8BB359AC63B6A493A9C52D2824E33E2F4C00FAF05ED33FA76A83F67C2A4F3C1E3DE0CC375B2CF7A3FE83C88
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:..[.I.n.f.o.].....V.e.r.s.i.o.n.=.4...5.7.....F.o.r.c.e.U.p.d.a.t.e.=.0.....U.R.L.=.h.t.t.p.:././.w.w.w...w.i.l.l.i.a.m.r.u.b.a.n.o...c.o.m./.u.p.l.o.a.d./.f.i.l.e.s./.R.o.t.a.t.e./.R.o.t.a.t.e...e.x.e.....

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\82760448.ini

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):206
                                                                                                                                                                                                                      Entropy (8bit):3.4873119016736696
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Q+2lRcbLmRlcv5G6VlB6N4xxMTxlaRglWwEqkKlgDMRlAHDMRlAUA2vln:Q+2lqbucM64l+gJEqDl8wAjwABY
                                                                                                                                                                                                                      MD5:DE741837CC8EB3B50A4BA8B78DD1A8E2
                                                                                                                                                                                                                      SHA1:13AF4AF058560B9BF2786742BC0B91AFF5111CE5
                                                                                                                                                                                                                      SHA-256:C406D425C2D1778B132A55FE3893E92852976FC0C0A630AAC669CB1318CC13CC
                                                                                                                                                                                                                      SHA-512:6FC5F5FF2F93B5181668CFC1C5737639FF65CD26C8BB359AC63B6A493A9C52D2824E33E2F4C00FAF05ED33FA76A83F67C2A4F3C1E3DE0CC375B2CF7A3FE83C88
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:..[.I.n.f.o.].....V.e.r.s.i.o.n.=.4...5.7.....F.o.r.c.e.U.p.d.a.t.e.=.0.....U.R.L.=.h.t.t.p.:././.w.w.w...w.i.l.l.i.a.m.r.u.b.a.n.o...c.o.m./.u.p.l.o.a.d./.f.i.l.e.s./.R.o.t.a.t.e./.R.o.t.a.t.e...e.x.e.....

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\85265766.ini

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):206
                                                                                                                                                                                                                      Entropy (8bit):3.4873119016736696
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Q+2lRcbLmRlcv5G6VlB6N4xxMTxlaRglWwEqkKlgDMRlAHDMRlAUA2vln:Q+2lqbucM64l+gJEqDl8wAjwABY
                                                                                                                                                                                                                      MD5:DE741837CC8EB3B50A4BA8B78DD1A8E2
                                                                                                                                                                                                                      SHA1:13AF4AF058560B9BF2786742BC0B91AFF5111CE5
                                                                                                                                                                                                                      SHA-256:C406D425C2D1778B132A55FE3893E92852976FC0C0A630AAC669CB1318CC13CC
                                                                                                                                                                                                                      SHA-512:6FC5F5FF2F93B5181668CFC1C5737639FF65CD26C8BB359AC63B6A493A9C52D2824E33E2F4C00FAF05ED33FA76A83F67C2A4F3C1E3DE0CC375B2CF7A3FE83C88
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:..[.I.n.f.o.].....V.e.r.s.i.o.n.=.4...5.7.....F.o.r.c.e.U.p.d.a.t.e.=.0.....U.R.L.=.h.t.t.p.:././.w.w.w...w.i.l.l.i.a.m.r.u.b.a.n.o...c.o.m./.u.p.l.o.a.d./.f.i.l.e.s./.R.o.t.a.t.e./.R.o.t.a.t.e...e.x.e.....

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\ip.ahk4.me

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):253
                                                                                                                                                                                                                      Entropy (8bit):5.133732599358183
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRVKq8oD:J0+oxBeRmR9etdzRxGezHLKq8+
                                                                                                                                                                                                                      MD5:2D2F7ECC18ABD80A728E72264A751EDE
                                                                                                                                                                                                                      SHA1:E6E349B45A1907B4DFFA4652947F5BFDC707B50C
                                                                                                                                                                                                                      SHA-256:FFEA35D8CD8251777C8E2FA81A7032ED640FA63B461C3EE3731DAF33A9C46CB0
                                                                                                                                                                                                                      SHA-512:3257D246FCC0A187447108FD9772F885AF341B50EFE479CEC16AF236E60699D317A62D65968AF7ABBF4F4C8A4A29330D88050B5F64BE4BB4A4ED1D6B618210EC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache Server at 7fw.de Port 443</address>.</body></html>.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Add.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):193813
                                                                                                                                                                                                                      Entropy (8bit):4.990794644426088
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:2YWZ6hQ6rWP8ruxMGGc2HMHkryZfZk1TwvrYQ/l9dm/:2YMR9TxMGnrP2wvrYulzW
                                                                                                                                                                                                                      MD5:8FB87CCBFC54BFEF82BD673247DEA681
                                                                                                                                                                                                                      SHA1:3938C7F0B0E62F5F626BC5552557F4289F09EE89
                                                                                                                                                                                                                      SHA-256:B1FEB1760905DB1A1D1DE293E86B4CBCFB41A8185E12575DE434DA09EB3502C4
                                                                                                                                                                                                                      SHA-512:FC81D1C841165A26E496C8C3EB89CA7233076C541649CEF0290832A13E699DDE97426ACD43752CAFDF8C37C059AB92648631CCCFC48269D47EB402BB2A0342D7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:............ ..|............ .(...U}..``.... .....}...HH.... ..T..%...@@.... .(B...n..00.... ..%..... .... .....}......... .....%......... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y.%.Y........zU.j/U...............m`<`.1...1G0.9,.0 y@.X.f.a.....a;X...3...KBHj...Rw.....k.W..rofF|.Gl_D.}..r_5.~...........%...f4...hF3..f4...hF3..f4...hF3..f4..}.........u.;!..u.........Y...$......._.]./.V.k4..Q"}.........a^....D.o....6......e!.9)......2+......?~...v.30x.......e|. ..w..W...|[..o........hPCi..j.4.4....p..1L/..g...BB........g.r.!........_......7?...P.P....^.4...19........\..I).s........D&$@@C.*5.H.P.!.j.Z.QS.....6.tH..-@@"...,P............Y.RJ......B.....O|..}..o?.`...3..EH3.x..S...]....C..G..}.+..X..C/.A.......6C..6..-l...*..........3i..) .._.....A>. .. w.y...D.rd2.&B...............t..K/...h..z/.rF;...^dDD..>..........?.[=qx.(V...T........H.1l...-l.[.n6...0l...l..m.z...DZ@.........0..a.X..?W...a..C/.....}....Hmc....j..b...?..O

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\CustomProfiles\Blank Profile.ini

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:Generic INItialization configuration [Priority1]
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):335
                                                                                                                                                                                                                      Entropy (8bit):4.914771497864784
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:lI5vN4IODoQaWKvk+KvD3N3DplN3rjFyp4M3DM3rjObyOwOnamw2hAqgyBkL1:lsvj1QTT/pJjZljOpwVmwXqgyA1
                                                                                                                                                                                                                      MD5:3B317EE8021C785EEF02D8DC50020C61
                                                                                                                                                                                                                      SHA1:F70BED77DC583C8AC57B3837858AE89B9BAA7E21
                                                                                                                                                                                                                      SHA-256:716C28788C95B8895A7F159EDD302451FD6EF1C10B3B5227E21B4D5CCAC68027
                                                                                                                                                                                                                      SHA-512:DDF32EACF5E2F613F1F85E9137DE011D6531375A0127AE926D6D85371E70FD158079CFF575C4C8A20D1248AE813FC8476C5AE2AD79BD85325040A91AF31CEE62
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:[Settings]..Color=00FF00..[Priority1]..Name=New Ability..NotOnGCD=0..Hotkey=NOT SET..HotkeyCode=..IsACooldown=0..LTHealthReq=0..LTHealthReqAmt=0..LTManaReq=0..LTManaReqAmt=0..GTHealthReq=0..GTHealthReqAmt=0..GTManaReq=0..GTManaReqAmt=0..EnemyCountReq=0..EnemyCountReqAmt=0..RangeReq=0..DelayAfter=0..DelayAfterMS=0..Enable=1..Debug=0..

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\DeleteProfile.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 23 icons, 48x48, 2 colors, 32x32, 2 colors
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):337343
                                                                                                                                                                                                                      Entropy (8bit):6.7935512195591965
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:BDpzLeonzjPkYAnJYYqxmRPVfSpHcJtQJuYdheyN:B9LhMnJYYNRPVfS1cJtCBN
                                                                                                                                                                                                                      MD5:7D3187429CE752EA5DE66F47E4E6A578
                                                                                                                                                                                                                      SHA1:1ACB44B27D1B463995CDB32B71D7956BCDC098D0
                                                                                                                                                                                                                      SHA-256:DE445AE37B3AF2E6077D7AA08E116FBF60FEDC40EFC59181D466F6A8C9E925B8
                                                                                                                                                                                                                      SHA-512:CF109407FE59FAF2ADDF63E249241C9C799F3EA0FE4CCBF41D662B18A5E76A742FEB25857EF86D88FD2899809C5B732B0EEEF601D3CD6A5989905B318117DABB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:......00......0...v... ......0...............................|L......00......h....S.. ..........jY..............R\..........(...:^..............b_..00...........+.. ...........9..............[B..........h...#I........ ......N........ .(....F..``.... .....?N..PP.... ..g......HH.... ..T...J..@@.... .(B..W...00.... ..%...... .... .....'......... ............... .h...W!..(...0...`...................................................H.......%.......P........ .......P...;...H..._.Gj....o...(.....U....W.j.......[v.....T.....j.+u......n.......[.J..._uo.j...o._....._.k.X..........._.......U.{...........J..W...._..m`...o.......[........].@......`..................................u...................`...m.......[.o............W._.....z..o@...M........._....+].......................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Download.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):167451
                                                                                                                                                                                                                      Entropy (8bit):3.6016410577098923
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:wzd+xoGAPWHHir6oETas8fW7kk9kkkkk9kkkkkk9kkkk6kkOkkkkkOkkkkkkOkk1:w0GaHW6owaLW2WPfjI188c
                                                                                                                                                                                                                      MD5:27E2DCB884C4E747302D4E39C5D115F5
                                                                                                                                                                                                                      SHA1:A4CD0C9803303DB54A00CE9912F19602D65DACED
                                                                                                                                                                                                                      SHA-256:6A6F46BCC1778E38D70DBB41579830915B83B28F538479066D1BF0B1DFE8D720
                                                                                                                                                                                                                      SHA-512:9531B7CC4C9A2F07D01160D3D20DE5FDCB688F811FF961EF60F62CFC298F714DC515BA12EA46028C26FB1D940119B233FDA402C358B74A9E90D23A5DC20CE6C7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:............ ............... .(...[...``.... .........HH.... ..T..+...@@.... .(B......00.... ..%...I.. .... ......o........ .....+......... .h........PNG........IHDR.............\r.f....pHYs..........o.d...wIDATx...}..U~...3y.emk[Y.U.-..B.6..&.>sG-...BG..B..(X04.-(t.K....J.,.4Bf2/..y.....nJ..R..&.If.I2.........97w^..y...,..=1z..=.{...w.".V..y....;........p...yM.8..c..f.;9.?............<..6..!....8{..a...:....?../...p.......3...\q..b.l......@.......f....0..v..@..?....8.M...aTt.......r.,.s.<.........N..........Nd............A;. x.u.....F..-.T*...N....;.5........u.n..]&0....q.w... .....c..".1..<."mp.Nq...d...-F@q0.... .......\...<..Hb..y..@.1.....6..7.R...p S.q.@.1......;.....h...b.ti.....h.AB>.5.".1.....1..#..$......D.c..y..@.1..h.......8. ..g.mq.P...$q.@.`..1..<.. .p.... .....c.."..6..|[...`.......EQ....4.@.E....0...W..9@...-......... op..1..<.. .p.... .....c..".1..<.}.m.Qqp.P.g.D....k8w.......mq ....i\..y..@... ..@.1......D.c..y...)..^..n.Ha..... Q.p.@.1......8..

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Help.pdf

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PDF document, version 1.4, 7 pages
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):438736
                                                                                                                                                                                                                      Entropy (8bit):7.981673927798004
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:UItvUxB+LVjd9PDPJw1m3R3B+M7jjw1gsQHC+FZAlo:UItIB+xzrPJw14V7XmgsJWqlo
                                                                                                                                                                                                                      MD5:32FB9D3F69E3FDFF6B892DA7D4BD5430
                                                                                                                                                                                                                      SHA1:F393DEF7D3337FC7279FB2C2313D09ACE561023A
                                                                                                                                                                                                                      SHA-256:2B3CCB999359099657BBD5DAFA7B15EFD5FB831CD911B3F56CF41CAA5018600A
                                                                                                                                                                                                                      SHA-512:AEFE4DEE3D585EF6BBD1DD592F3DDC9B282B627E15606870D879D8EAF53DE408CACA4D7A1FFB0CCDCEE0B87ED5475658A57860ABDC5DB0F4ABA5CE61DCCF4E9B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:%PDF-1.4.%.....2 0 obj.<</Length 3 0 R/Filter/FlateDecode>>.stream.x..W.n.0...+x. ..|I. .N..5..S_@Q.H.....,Kr$'.....pw...K..4~.X......;..}...l{..".@.(...b..?....j..h+...M..\z..E.....c.;d...TV...mVVl.U..~.}...v.=Pp.......\6..jr@.z..M..7......"S..n$r.....NS.H.g#.q.m.&.7H...j.(.'..._.Rr...Q...0..SF8.\...>.*'|tRd,..?.......$...<..#v..P.....A.eZ.,..-[....Ea..i$h.M..43..IU.%).[..1VL`.y....1.c:...-..X..'49....bk..b+E..2.._1.....h-a.o...,.H...p.S...&....@..D...4.k....1.-.7q......[R..zk.$...c...=[r..[...T...PA....*~..*u..`...b.z..G..<..1.E.6[xE...QD....F2.,Foq.i$D,..$.H..aY$.....f.J....8(..._.%..kI.P.....9.<&.R.N....=...wr.....e.&...>..2Q..{}....}....#..2bZ.c...x.w.%.h..L.I.....*...}.....Vl...v.|U.`Y...b.^R..:.uzL"..r.{8.o.A{.Q/(.!.mU.%.e}....p+.d..S]...}F.:..-#~C.P...i.1.k..t.Va.u..o..`. ....b..'...(.$......x.11.$38.w.......u$..w.NV=.S)......?`y.$.endstream.endobj..3 0 obj.836.endobj..4 0 obj.<</Type/XObject/Subtype/Image/Width 128/Height

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Logs\03-12-2025-LogFile.txt

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):130
                                                                                                                                                                                                                      Entropy (8bit):4.158317227205323
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:9/dfs1QQML963JfV7RFA/M29fN3JfVFA6TGN8n:1VmFMqJpjARJoCGN8n
                                                                                                                                                                                                                      MD5:490C460B468D43BFE41DC2BA310C5599
                                                                                                                                                                                                                      SHA1:9A766CF8B99041A756FD24720F42E7884233E5DA
                                                                                                                                                                                                                      SHA-256:2B20B36139D55F650E3C5CC9913EE1FA8A96070039560D5E114F5278625EAD53
                                                                                                                                                                                                                      SHA-512:AD04B2CEBE1C9E73F93066D88756FFBE1DFC9957398232ECBE54349BB5A15F97CD43AB51B3EDEAA05E147751E65FB6CE3D8BDA975A39FC8765C59F0ED02F41E1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..21:28:50.010 : ----------------4.57---------------..21:28:50.166 : WoW not running..21:28:50.166 : Started successfully

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\NewProfile.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 23 icons, 48x48, 2 colors, 32x32, 2 colors
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):331385
                                                                                                                                                                                                                      Entropy (8bit):6.799455671265877
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:m6KycbB7qwndojDkwvNJMXDa46ZkZYMB4W0A5+lYSbwR/ey5pRAitmHY+zflWH:y/ZqwyjDkwvNSXDa4OyyW0A5cDQ2y5Eu
                                                                                                                                                                                                                      MD5:1314E96F105796873C16771CBEC8F0A9
                                                                                                                                                                                                                      SHA1:E11A70CED7DC777A6037A8D1183DAF958B3F1A82
                                                                                                                                                                                                                      SHA-256:85E3D32C82AFC7B42F387820773477426F3E20B7E47934EBC9A9607F519F2D1C
                                                                                                                                                                                                                      SHA-512:548E98CFF139137C913446810CBCDA23FCBDF6BD2E30B6E897525EF965948155297CEDCF5BD025242700CFAD534E066811A9EA0E87D90909C8E5A52FF61C3872
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:......00......0...v... ......0................................Y......00......h...._.. ...........f...............h..........(....j...............l..00.............. ...........-..............c6..........h...+=........ .>....B........ .(.......``.... ......6..PP.... ..g......HH.... ..T...3..@@.... .(B......00.... ..%..9... .... ............... ............... .h.......(...0...`............................................................................ ...........;......._.......o...............W................@......j..........H........ ..._.......o.......]."........-...._...$....d.......*".....U... ..._..T....W.D.`.....Q. ............._....._.W.............~..`...{..@....w..`.........................kok....]........}[............-.k.......~....;[........]..............................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Payment.html

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1004
                                                                                                                                                                                                                      Entropy (8bit):5.248961550903824
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:DLG2bKnslUUnYy4Gj6inRXcnRfM//L5ht:Dy24DGjxO+Lzt
                                                                                                                                                                                                                      MD5:8898B11F8581BBBAD61E28B5445DB050
                                                                                                                                                                                                                      SHA1:930CDF1D2C39290C64A5E0E28A23AED283C4E456
                                                                                                                                                                                                                      SHA-256:C78297F05CF5F4413DBB4A1D447DE81041497D6F6F9196C71ABF7F72CD81A90C
                                                                                                                                                                                                                      SHA-512:8D1EF6ADDBED591083C5D77408FA37E7BF7E71513766003E5445E6BEEE263EDC5BD4376924BEB6C8EDAB2434E5DAEA0B662CE772E76491AA7E445BA37E64E5ED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<html>..<head>..</head>..<body bgcolor="#202020">..<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">..<input type="hidden" name="cmd" value="_s-xclick">..<input type="hidden" name="hosted_button_id" value="SJL5Q5TS4WYJ6">..<table>..<tr><td><input type="hidden" name="on0" value=""></td></tr><tr><td><select name="os0">...<option value="One Month">One Month : $4.99 USD - monthly</option>...<option value="One Year">One Year : $49.99 USD - yearly</option>..</select> </td></tr>..</table>..<input type="hidden" name="item_number" value="5953D6781E69A177">..<input type="hidden" name="custom" value="5953D6781E69A177">..<input type="hidden" name="currency_code" value="USD">..<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_subscribeCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">..<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">..</form>..</body>..</h

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\ProfileEditor.exe

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1121280
                                                                                                                                                                                                                      Entropy (8bit):6.462169327590514
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:nZf+y/bw1H16evoaIaiEvl9KWm3zBPnvV9LFDbyfE:nNt/M1H16haIaiEDKZzB3V9Lxr
                                                                                                                                                                                                                      MD5:BDA10098B355000E1541B735AB632601
                                                                                                                                                                                                                      SHA1:2CFD33B3BAA17CD2E729CBEDC83B632BDA3D23AA
                                                                                                                                                                                                                      SHA-256:4A964EE9CD64B343BA786087DCD5F75D200EAAD069CE373C919063D048B08F07
                                                                                                                                                                                                                      SHA-512:CED174919E0B630BD9CF94CCDD3B0BBA88200FB97AEF8D2AAFD073EE663092780C93BCECEC94303F201B0C5F99D5BFC18C102CCE8C3E835A11C78FA220DEF001
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E;...Z...Z...Z....U..Z....W..Z....V..Z..:....Z..:...)Z..:....Z..."'..Z..."#..Z..."7..Z...Z...[.......Z......+Z....[..Z.......Z..Rich.Z..................PE..d....O.X..........#..................7.........@.......................................... ...@..............................................r...............`...n..................0...8.......................(...p................ ..@............................text............................... ..`.rdata....... ......................@..@.data...$........8..................@....pdata...n...`...p..................@..@.gfids...............<..............@..@.tls.................>..............@....rsrc................@..............@..@................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Rotate.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46815
                                                                                                                                                                                                                      Entropy (8bit):7.978200891851541
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:77Z/O7wXYEPDUTBSnpIkwL71Rjhu3zCrIVf48j63JPe4jv134kzIE6Nh3TTYHS2:7tVXY3IpDw31RjhujCr+4GCPe4poUIEB
                                                                                                                                                                                                                      MD5:8CFDE72AF7F120292411CC6CDBFE8018
                                                                                                                                                                                                                      SHA1:7780249FBF95BEEFB9BE0DA59C3F7CF9133E1616
                                                                                                                                                                                                                      SHA-256:212BC9823EB7F3425953AD0AD788087BC2190748B30AF19611CAFC553CF084D9
                                                                                                                                                                                                                      SHA-512:CBDB32E725B02B52AD715740B931CB2AF2FF8B58E68BD3083FF6D888F247BC0EE830EA72C0EAD90FF743DCF7FDD3646CE5B59507C670ED624D0AEE7E86CB546C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:............ .........PNG........IHDR.............\r.f....IDATx...w.dYr.~..t.}W{.=............$A#.... ..hDQ..=.z|.ER.D..A..@."D`..-...q;....7....}e.....s....r.U.?.3.2.<'N._.Bx(wR...n`/0.t..k.......@.o....u......Q.V....#~.o..y(w.......q...-.d..;..`..x/....u...v~..k.D........H....}...I`..'V.E..PTX...)....P..v..}".lr..V.}.q.6.....6P?...k...{.@.6AC...<.X..A..(P.-a...,...0..b..M...f........C..>Iq...M..l......S{...f.7.9..../.j..,0...)...mB`N`Q....m.V....~...`...............h.V.>.M.`Y..I\........0.c.7..)\...\..[q.......`e..M...^.^`....~...bf.r...e.U..*P.{..U].o~.L|.8.:..+...$..>....'..._(....q.X.`...p..".%.#.s...VTsG..wx(..<T.......xZm;...i.h.mUh.i...nf..-`>..0.2.,..I....?W....^T{..w....&rV.c....b.s...]...;@v..>. ....`.YC;oY...K.. ..5.s.....eX....>.._.f.b..r.W|`.8.<.<-...W......^...~.....S...6L|IL|.....m+..T.....^..I_S. 9SP....;.b..jnJ..'C..(...8..I..cT........2...Z.......j..Z.Rl...~.qX......C..D.L.....&...AL.D.}f..@.....|....5`L.Y`...T.....0...@E.Z.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Rotate.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):36691
                                                                                                                                                                                                                      Entropy (8bit):5.951174040113805
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:UeE2/Anb+RU2MtOAn03LgQpusKDnPFdd6+Wi+ud8/WLiDQh59SZ0v:nEv+RGt7n03Tyvl8+Lj593
                                                                                                                                                                                                                      MD5:6CEADCBDFCDFEB48EDFD4768A1C499CA
                                                                                                                                                                                                                      SHA1:B03CE52CCF872FFF9E95E0078EF0E70C6C298800
                                                                                                                                                                                                                      SHA-256:2B7B2F72D2D9BE3BD34DDC882D1A905AD9F7F9EF06D36A27D0513ADA4005882E
                                                                                                                                                                                                                      SHA-512:0CA8704E0CF8B76D982B3C527793732B24FB2E669328E9C0E04A0EF19712E4F7A5E708304A1291CC626BAE6C46C69A9ED15392CF5437BDFE72CEE57A6FC93FE2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR.............\r.f....pHYs...............A.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2018-11-24T22:33:56-05:00</xmp:CreateDate>. <

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Skin\ItemBack.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8954
                                                                                                                                                                                                                      Entropy (8bit):7.795856471928461
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:/kknPcbYnzSpJ/xAvFBhoXps+1ROhrkn+3Vy7zbkPe8nE:fnPOYnOp9xe/h00h8eef1
                                                                                                                                                                                                                      MD5:E6D6D7C11FD19DE2F8F6617E9010EF68
                                                                                                                                                                                                                      SHA1:9327E7F738562D7A856C271384F3F1633F99DDA0
                                                                                                                                                                                                                      SHA-256:6B95D1794EAC52826D6892ED861163076441533185057294CB33F9D3C36D415E
                                                                                                                                                                                                                      SHA-512:3CEC0F2B77A6878DFD9EF10E282F1AC1417EEFF126D1035E6F341409B4562A5C4A3E71C69F1D44B92B63B4362811DA966C1A122E588333CC2FC91E34E48ED752
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...D...D.....8.......pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmp:CreateDate="2018-05-01T20:54:39-04:00" xmp:ModifyDate="2018-12-31T21:11:28-05:00" xmp:MetadataDate="2018-12-31T21:11:28-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:f2664580-4b3c-3041-9b9d-4a9

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Skin\ItemBackOff.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9424
                                                                                                                                                                                                                      Entropy (8bit):7.791347847032446
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:kkknPw/j1bYnz/mk/GV218z61gH2U4sSE/UVTlczp1ZbmFTKXM865/QVf7hBVn:YnPqYnapV0822WU4LWITlibmxPQf3
                                                                                                                                                                                                                      MD5:2791BC4F9BCE53CFE45675E820F117E5
                                                                                                                                                                                                                      SHA1:41DA784AB01B1E6384D1B82EF6286800E69A6901
                                                                                                                                                                                                                      SHA-256:09777B87E3D8B30FE4DC17E7EC53015178BB93060D130D4258E592911EE62DCB
                                                                                                                                                                                                                      SHA-512:B57CAFF0E8EBF6DCA3D54131BC1F8316356C30A9051AA941AB3DCD3CB4BD44575B5790FC8975154FD0F2CAA7EE6AB70517DDC47C76A049BF4A8B9284EB64E8D5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...D...D.....8.......pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmp:CreateDate="2018-05-01T20:54:39-04:00" xmp:ModifyDate="2018-12-31T21:11:50-05:00" xmp:MetadataDate="2018-12-31T21:11:50-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:3257d575-c570-c040-b67e-c31

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Skin\ItemBackOn.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9647
                                                                                                                                                                                                                      Entropy (8bit):7.791731523998767
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:kkknPsbYnzj8lyb41icmR9hUyuBOAwuCB27W/PulGaJbMW:YnPeYnn80b4Y9kQAwl87W/Pm5
                                                                                                                                                                                                                      MD5:A60D9DC8492FFC0E9254BBAA7856135C
                                                                                                                                                                                                                      SHA1:1924EA90FF486C183B124CA8F4B0A3B113F4DA8B
                                                                                                                                                                                                                      SHA-256:1DDBE3A8469F9C31F848E56331CEDAEAE241FAFA0EFC9E445B1C6B48581EDA57
                                                                                                                                                                                                                      SHA-512:7019035C49E033C2A8832E30509E1909BD25F73634C0890EB9722F55BB94E626ABE22A5D36F7C4BF3BF743F3DB0CA43CA3057A0029A3E6536713AD8AB8AB22EC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...D...D.....8.......pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmp:CreateDate="2018-05-01T20:54:39-04:00" xmp:ModifyDate="2018-12-31T21:16:21-05:00" xmp:MetadataDate="2018-12-31T21:16:21-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:81d55655-ceaa-324e-af4d-c28

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Skin\ItemGlow.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 216 x 213, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5205
                                                                                                                                                                                                                      Entropy (8bit):7.846365987513528
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:7WfvER3tfCes5S/BKBgGFVAAT+MqeNvGq1B8fbyxI1uMOG3otijh:7WXEFtt/sFGW+FLCI1uDG36ijh
                                                                                                                                                                                                                      MD5:631D44C4CF87CF3D4FC270E0F89CA5B2
                                                                                                                                                                                                                      SHA1:DDE90F0D215D177BDCB7949C4D1D42AA96C00A0B
                                                                                                                                                                                                                      SHA-256:29F0EDFE6DAAA36716D768A4C62464CAA8CE6C11FA81C5A63690644617C17A92
                                                                                                                                                                                                                      SHA-512:5B2353A0DAE110458E4FF05225FDDB7189E8C27BDE48A863A6061F9CF72C8D37F632889BD1A0372CAB583F061A3619EC1E7ABBCD0B558EF333CE0DAD613F577B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR.............5.>3....gAMA......a.....pHYs.........8.S$....tEXtSoftware.Paint.NET v3.5.5I.......IDATx^..5E...w........." .D@.... I..$)A.....$...Pd. ......w.........;.....Pu....t..w.w.u...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4.M@...4...|i.s.....k...@.(.+.C..+......z~.........<h(j...$.....lt.&..@).GPX.I.pI 5......Z.(....k.P.h......+E.@k.]..q.u.>o.j.Z.LV..H.y ........&."}...r.[w./......I-.nB....u}j...m0..AkB1...f.....o..L..<.&..P....6.Z.....fT....<./x..9......&...>).......&S...6.........|..].......=.Mml..."{....c.}...~..-.^=B.....d..,.u....h!6.l.....}...d.....B......o.f.$\m...N=@.?..........&.C>........'i/.w.KAB....7..V.[..u..._......c........br...v.....y....6...3.....AD.y.Pp.}h.r.....vz+S..Il.n..f6...r..6|mc.XV.p..U}.....=......... Hu.....>.`..+.0.w$.M^;Lok........v..%..,.`C..*.;.>.Wkw..ak...M...\.M.`.!.., ..x.f..;.`T0.._...\....?....w\.v..aj......'......X..B...v.8

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Skin\MenuBack.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 305 x 306, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):68621
                                                                                                                                                                                                                      Entropy (8bit):7.977412423151574
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:L5w0vwkA4j2jXQS94Zq4tKk7fZi95pJGg72N4jgBQZjSh4Jxqm9G:dlIkzj4gHZF/he5qk2N4jgBQpJk
                                                                                                                                                                                                                      MD5:405DDA0BF2FBB01961150AE8ADD07C62
                                                                                                                                                                                                                      SHA1:61F7A8F4E5CFE04E7D98FAD0A57C5C1C5D7D4AC9
                                                                                                                                                                                                                      SHA-256:589EB1B2696636496F711A1A7EBE139873465D9B1B60A907885813FFEFCDCDD4
                                                                                                                                                                                                                      SHA-512:5793A3D2971405E4133A9D8A96C632A9F1E40E8D9F75517EAB5AC5624CCD881EABB9936E921DE0383A2A616BE166C10BB52F6AA514A8BB94D1DD53B974F6311B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...1...2.............pHYs..........B......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmp:CreateDate="2018-05-01T15:52:43-04:00" xmp:ModifyDate="2018-12-31T21:39:29-05:00" xmp:MetadataDate="2018-12-31T21:39:29-05:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:3997e22

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Skin\Skin definition.txt

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):827
                                                                                                                                                                                                                      Entropy (8bit):4.956503374539533
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:4yPrx1AynoaAYxYnDYWWTNK1KjKkMFMeJ:44xhHe70NYwsFMeJ
                                                                                                                                                                                                                      MD5:431B79ADF185C0A2E58C23721E86EB16
                                                                                                                                                                                                                      SHA1:1CA0CD099BCA081BACDBBF83A2D18936F1851899
                                                                                                                                                                                                                      SHA-256:9ABA8FF6BB7AB3D4288497CD5DCFC9883ABAFC7171C40BE700356E0D48E2EC28
                                                                                                                                                                                                                      SHA-512:33F27908F4A7BA0F6997C87B2C4EE24DBAA5CF2BB431567FA33491DF5C834FC2AC1DAD074B88D22BA8C547B5C4FB0DE24F6D4FD9A96416C55C22AB7804ACEB0A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.SkinName = ..Merlock's device....ItemSize = ..68..RadiusSizeFactor = .1..AutoSubmenuMarking = .1....ItemGlow =..ItemGlow.png....TextBoxShrink = .1..TextFont = ..Arial..TextSize = ..11..TextColor = ..eeffee..TextTrans = ..cc..TextRendering = .5....TextShadow = ..1..TextShadowColor = .000000..TextShadowTrans = .ff..TextShadowOffset = .1....IconShrink = ..1..IconTrans = ..0.6....ItemBack = ..ItemBack.png..ItemBackShrink = .1..ItemBackTrans = .1....SpecItemBackShrink = .1..SpecItemBackTrans = ..6....ItemFore = ....ItemForeShrink = ...ItemForeTrans = ..6....ItemShadow = ....ItemShadowShrink = ...ItemShadowTrans = .....MenuBack = ..MenuBack.png..MenuBackSize = ..add+20..MenuBackTrans = .1....MenuBackOuterRim = ...MenuBackOuterRimWidth = 1..MenuBackOuterRimTrans = 1....MenuFore = ....MenuForeSize = ....MenuForeTrans = .

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\Upload.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):166430
                                                                                                                                                                                                                      Entropy (8bit):3.567926076809491
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:AnCQDDDDDDDDDDDDDDDD6DDDDDDDDDDDDDDDRDDDDDDDDDDhDDDDDDDDDDGIJSG:AndDDDDDDDDDDDDDDDD6DDDDDDDDDDDj
                                                                                                                                                                                                                      MD5:2C348B05F229DADD44B5431300997DF2
                                                                                                                                                                                                                      SHA1:416F3E9A80C453C1A164D34F9BDDB751BA147270
                                                                                                                                                                                                                      SHA-256:8548F03263E131ECEE3C325B738EA438359A4FA96BE20E714B8A9F4DA045DF21
                                                                                                                                                                                                                      SHA-512:66A90267AF961F8F77E3C7D328C6BF9FC647706847F91AC9F7F1349AD81896B5B51391548E56F9B073F486A92CF99831866F21F23C9B1843E135E77409DE64CB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:............ ............... .(...^...``.... .........HH.... ..T......@@.... .(B......00.... ..%...E.. .... ......k........ ......|........ .h........PNG........IHDR.............\r.f....pHYs..........o.d...zIDATx...[l\.}...P[....1.`.|.DR....`..._..HqIJ"%J.C.$A.X...A....N!.A..F`.F!.!..n.h....m.Q..A\../.*.6...tB..>...R.!..;sf~.c.....g~g.g.....q]..............W.....O..O:+NjN...=.}M.s..x.?2e.{.n.>R..!.@$.L.5...)...l{.e.D.....\. 5.....P.......\.x@...=..n`."..F...U..C...=..F.O..?..S.{0..+.......6.7<....mA...@.......`a.........K.(.......K....x(....)..e0O......K.wd.^...@.v.z..:3|....].U+...@`v.zW..Ux..#Ux_qHw..d.....,..([...,?..*...f.a....R......Ro..dC....t.P...Fr[..@-@.v.z._..k.c;.Y~....<............w.z...Q.Q....R.}...~t3..+.R..c...F.L.[..1....Z@$.4..1...[....`...q..D....,...{]..4.....)..94X.i2....9.Z..g....u..8...9`.i.O.f.....ROK5..=.@...z....~..{5.......92{.......]>.#.E..(.rb..S Y.{..R.L.k.]>..B$.Z..x...?@=pp6..s.........}.u,..,.u]..S..].=.c.W..9.e..+F~...

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\WAs\WeakAuraTemplate.txt

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (8839), with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8839
                                                                                                                                                                                                                      Entropy (8bit):5.995223133548041
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:hWjWIZeKWZ0JlqSqazaDdB5dgsjlIh+aBbbMrbyCcnuRPG:hWjWIZx7JlqvazaDdOfMrbou0
                                                                                                                                                                                                                      MD5:A69EDF436F7C27323BAF269FB59159F6
                                                                                                                                                                                                                      SHA1:85D6722C798DEF203DB262C5118B1EA4572145B1
                                                                                                                                                                                                                      SHA-256:80D006A2565595DB6388FBCE97B4B277505DC642A92919500A3073EA33AD3086
                                                                                                                                                                                                                      SHA-512:124454A194D9D2231B2CB9C4AC54440453553CE9FA16E4093DD7C05091AB0A428503FBCD4BDCB19E24D63F01ED42055075F40F78150A437831495118140118FE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:!S31c3PnUx(VlDp7ztMDsh)GN7(pZ5eiqE0eidMK20Tlbdya34ytTnjHC2dF2xj5NYwYwMaesJN2jLiKLLV6QF3F3RUsUhFVU9KKb)WUNKvpjHpZZ9zE(Esp0tAe8VGVDG8W7hzAmRUHMHjOGw8O)kG(Pi6Nf61I7ZfHTXadZrkM1CVKEs10uF5fzZrl731WqZwfuK8C7PgMTNzRAOB5CNNRcUzLU(2btl9YVMzETx70BG3NAmAIspPwg6GFkRpe0axzOQdU06nA1TrhVQjP(IcOhvY73zQpBQmb0v6UygOTNyAmh0hvEEMS(iLr9Q1tY2uDYeftlNMPRFbWposzW8XJDU0tBCXvnV(cW3J(v55MYaz6mfnTZg5(CAnFGYJk62sGls95Es3v)iPU3j19OoDd(YRmvqFP0vnUa0AZ1vbx5mn5fGBPeQgG7LISM90Es6YpO402qPOEqpdvG8qB1hv66u4LgJaIMd45GFZZThp2sXUxZdQikWZZvIRKOyvHsCC9gFqbrpXNBTAve07gkRbfTGpPOn2v4xRD3UTV8IgnbDF4q4F8hTuEQMMXW7T6Q8aOpBdeeGAQyQlRDdqgcKZG2GRN0ytqphijLTLrnQZyAtyPostP6DA0OvpPHg6JvN4i(C6uNPJ6tqT0fEpgflwKtue095luQCv)NczD1hKH6zWXklBztB0GgyKbw4DoduwkG7byeYDCthQJbUzpiRQZEThRQRAnL56BJEWgPgAoGMHmA62ClL7gQjBzbv(bQpdHf(WCWChVHvNVnAPwqv)if6Qd4Cp8faH7U2WXhv7G6pmqnx5zBHiZYGLX30aOb7mrJJ40zVHLwhuKYS1HaWGrgpPl9KkqQaMKnCULTXdDbn)1ZgHuBM7(VEvfHamG2dK)dr4hnBK0CIMXto4adCFaAOlpqZzY99kkZockLT7ah1qY8a9BVUlrvylB1H3V4y3HB4vgCNOH4Wd7tO(a2mOoNDYPEsCO0TPM8eGk

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\close.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15854
                                                                                                                                                                                                                      Entropy (8bit):1.9153447831829364
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:fuDk29WJsEvPqP5fj9/W6kBC4fCbLPCZLpfCgIxN+Y9rNGcf+rsGvI7cdppJ7vg4:okEWm/P9BQIxNXrNGQ+rsGvCcXfvEG
                                                                                                                                                                                                                      MD5:E9306F7596AE3D4AFA49D88C08285A14
                                                                                                                                                                                                                      SHA1:9EE23530DEEC6F584BDCD09CAE950841A42075C4
                                                                                                                                                                                                                      SHA-256:BBD6B3F4376B34D3F9595BE55ACFE74A2D0B06E17E9E1DB9440DC32E99041CB1
                                                                                                                                                                                                                      SHA-512:9AC8A3422C04F05561F4565321F5FBC0A320626B58B7A4143388CE27E1C63C38B1BDCAC2D095562120CE44D38557905C607B21F8879C53A8CCBF2FBBC5305A03
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR.............;mG.....pHYs..........+....<}iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2017-08-24T13:34:47-04:00</xmp:CreateDate>. <xmp:MetadataDate>2017-10-24T05:36:39-04:00</xmp:MetadataDate>. <x

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\color.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):205734
                                                                                                                                                                                                                      Entropy (8bit):5.899468279791077
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:rvzncjDvRxLFO6P7Q/4yW/Q+9a/K4R444Y444W4kS7uUSQp0:PncPHFLuoQAH0
                                                                                                                                                                                                                      MD5:71BCA77D898568D074CD61EAF5D9D55F
                                                                                                                                                                                                                      SHA1:BBBCA427A54F23EB7973BA17D1956880447F7BA5
                                                                                                                                                                                                                      SHA-256:713D01FCA7C2AC5A27C96429A4E61E648D78DA8181F28FA626447A1D55AD68C3
                                                                                                                                                                                                                      SHA-512:D425D8C4E42E09AE826DF4E46EA526481DFF2D0848CB0C426058FB2427177917803F94627DE9206661C1169B5FFDFA1C9AE56FEFCFEA6F4F10E79AB58944CD48
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:............ .P............. .(......``.... .........HH.... ..T...H..@@.... .(B..>...00.... ..%..f... .... ............... ............... .h...>....PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..w...}.......].;..N..&a$.........3!.K....q.f.$6..-.C.!1..l..i..E.!$!..B:.+....;;...1;{ss.w{........|..fv..S.4N.4.h!.....x..S....T....D...&B6b*....Q.w..e..<...$.|P*..H._B.dT....*bF...N.u_..p.....m-B.K........H.......-.0.g.{9\.:6..c......+ ......$.m.GG....8..F.gl..b.C..PL.).%E.B>./../........(.....Z....cBB ^.(.|...r......`. ......R.m.J.Fr#......=..R...@..N.$...._..c..>.8..F.gl.@1?...F..Sy.....M..l....S..#.L.@|.+w.6.m.Q.4..i,..C...y.......uv.....0..W.r.H..`"7........Xp...$..>.!..!C...!..W.yA.H5q..V...@..T.^...6..g4..0.4..),.u....Y0&.K.HA..F..X.U.Q..(.u....|......h...;.N..s..`*..3.......\W......M.........3....N3..@O..C......9c..9..V.....`(......u/>.8..r.... ..c.4Ty.gl..EU.........H!..c..:N3.\.cR.4.B1.o.....=.Z...31.V..H......4..%.n=.aN..

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\colorpicker.html

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:HTML document, ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):363
                                                                                                                                                                                                                      Entropy (8bit):5.168425993856522
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:hxuJLzLJ7djJWExv6OqkvJJLsVQTSK+HcqiqTifGIbDRWm7y4ALLZ7IAdw7MFq4A:hYz7ZJWyxRJAVJJiLZDRWm7GLLWAdw73
                                                                                                                                                                                                                      MD5:C1C842E18445B37A6C53826CD74934D5
                                                                                                                                                                                                                      SHA1:9AA143FF347DC5107B3179237E13D00079E8031C
                                                                                                                                                                                                                      SHA-256:0946DAAA8BFF987D155FB2E7C75807B573483635A47F66FF9A3C0DE34BEE7C73
                                                                                                                                                                                                                      SHA-512:50EE3797960530C8BA7B4B34C5BB04A007DF7EF4CB12030548318F083DDF3035792EC457AE4A839522BB4FB843F5719FD5A17D10585DB0D092EFE905BC945F2F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<!DOCTYPE html>.<html>.<head>....<title>Color Selector</title>.</head>...<body style="text-align:left;">.......<script src="jscolor.js"></script>.... ..<input class="jscolor" value="ab2567">......<script>..function setTextColor(picker) ....{....document.getElementsByTagName('body')[0].style.color = '#' + picker.toString()..}.....</script>.......</body>.</html>.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\delete.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):174326
                                                                                                                                                                                                                      Entropy (8bit):2.944488975400646
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:Tn1dqZyCx/3y1qkHH60CpwBp0mXywR3ZC1:5dmyW3y1qrwBemXyw1ZC1
                                                                                                                                                                                                                      MD5:9CD157F1FA7A610B87707965179A5984
                                                                                                                                                                                                                      SHA1:00E13550BA3A2D72AEB245D0B65CCABD8D719CD4
                                                                                                                                                                                                                      SHA-256:610F7046CBE4DC2AB890C494698AEBF38FC6AC5BBEF7A518F94AB8BEA770C91B
                                                                                                                                                                                                                      SHA-512:3AC82038882214BEFD8886DB5467DD171C080C6D3B9F14A813E99E6F183D4FC4532A9A3690C90B2C0059D4B95B05D0963760E62151D31793BBC13AF4FA841673
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:............ ..0............ .(...61..``.... .....^9..HH.... ..T......@@.... .(B..."..00.... ..%...d.. .... .....^......... ............... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..{...}.gf.c..w...).D..[.E..+..I..hQ...&u..h..0..a.vSW6.?.A...a.......@....I.d.%.DZ"Er....u_3s...=..y..K:.~..bf~.1g...q..... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ...`7z...-.d.......y..E.n.....Y........$...."....zp..@~...P.. ...K...8........./....L.....j.............n.v......J../|....O....4._[...i....z...;R.....g.).e.......m2.>S.+.9.e.Y.....%.\..~.z\....&.u.......s.Q...c..C..G.,.z.R.h\b...`.........'.>..sy......t.0.......H...h.--M\.vmrmmm{....................&.>.n.i....C...K$.R.!..b?....JZ..v)..1(.>2Yn.\..G..).O....u)...\o.W.C.?...0DX..Q.-

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\edit.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 17 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16344
                                                                                                                                                                                                                      Entropy (8bit):2.289555214186378
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:WpkEWRIxNXHMxcbVFCcXejh/oW5tZziV1AsDgxX1:WpktGxuchyNpOVnC
                                                                                                                                                                                                                      MD5:B4A7ADEE99B15CA1D7DD1BD911215E58
                                                                                                                                                                                                                      SHA1:2B1FAE4CA73A47AADA6A8265B42AB97062207A00
                                                                                                                                                                                                                      SHA-256:8963B84FC378000D5A7E18E6392751A10F9C5B01DB42D6DA185759ACEC7C0838
                                                                                                                                                                                                                      SHA-512:F71507B1596A0AC0B0A4A6142D7E046282DA277D39783127189651C8A1BD01336CC4FAE0D59AA38B29BD2459FC03599B70A1B30E3A885F531C7629A44CF1CB05
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...............5T....pHYs..........+....;.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2017-09-01T22:14:24-04:00</xmp:CreateDate>. <xmp:ModifyDate>2018-05-23T23:39:25-04:00</xmp:ModifyDate>. <xmp:M

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\icon42.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):63369
                                                                                                                                                                                                                      Entropy (8bit):7.981223946485636
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:zx+HOQhMdt5Mhd7hGu1xvI+WrLtNKTd0EN6TZMB5VxHIPSlVPLZKIDjLDIkg476+:z0OQmoZPQ+WPtQkKB9HIPSlNou69V6
                                                                                                                                                                                                                      MD5:18889636E029E016CCCCAB2B7239B3C7
                                                                                                                                                                                                                      SHA1:0B1F11418A6D9F26141DF896175FF4D1F1C1CA3F
                                                                                                                                                                                                                      SHA-256:67C74C1AD8635D876A87BE615EB9C3CBBA35D2FA6E17FE062D3D822F995DFDDC
                                                                                                                                                                                                                      SHA-512:DDD4EF6C713E6D2FC5253A85BD80F3FF6D7E8913593B007DEA446210668069D852E8C05F2671DE55E71F06FE1E4ECF2A100A405CC8703E9A6CB7FBBBC250DBEE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR.............\r.f....pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-11-24T22:33:56-05:00" xmp:ModifyDate="2018-12-26T11:50:11-05:00" xmp:MetadataDate="2018-12-26T11:50:11-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:8f85ea04-76d1-714c-8b33-72eea7688243" xmpMM:DocumentID="adobe:docid:photoshop:f9e74ed0-e8bf-4b4e-a817-287ff3a4947

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\jscolor.js

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):54093
                                                                                                                                                                                                                      Entropy (8bit):5.292995904466541
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:6qdxiQWhFqGjd4g4v7z4Jt1UJb2bvRwR4PaOZIm4L4f42y5vk5+4I4N4O4GDTjcR:6+WXPhtS7zct1xcwrImAO1y5kIFk3nD0
                                                                                                                                                                                                                      MD5:27173C318E8C68DF8FCC7FCD77776738
                                                                                                                                                                                                                      SHA1:BD1D78308E83A8B5561BC9FE73BFB91D974F0011
                                                                                                                                                                                                                      SHA-256:F3CA21DE7A02DCADADFB2E9221496913F859CE5BDB88DFEB31D4CB3A0C1E37B6
                                                                                                                                                                                                                      SHA-512:73160002D3ED99A460F4837B77F5F50D03A1A08412D92E59F74EDBAE1924A31399375205BEDA55CA255FC22BCAF21B6F6246CDB2E141DAF2BF3147EF50217580
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:/**.. * jscolor - JavaScript Color Picker.. *.. * @link http://jscolor.com.. * @license For open source use: GPLv3.. * For commercial use: JSColor Commercial License.. * @author Jan Odvarko.. * @version 2.0.5.. *.. * See usage examples at http://jscolor.com/examples/.. */......"use strict";......if (!window.jscolor) { window.jscolor = (function () {......var jsc = {.......register : function () {....jsc.attachDOMReadyEvent(jsc.init);....jsc.attachEvent(document, 'mousedown', jsc.onDocumentMouseDown);....jsc.attachEvent(document, 'touchstart', jsc.onDocumentTouchStart);....jsc.attachEvent(window, 'resize', jsc.onWindowResize);...},.......init : function () {....if (jsc.jscolor.lookupClass) {.....jsc.jscolor.installByClassName(jsc.jscolor.lookupClass);....}...},.......tryInstallOnElements : function (elms, className) {....var matchClass = new RegExp('(^|\\s)(' + className + ')(\\s*(\\{[^}]*\\})|\\s|$)', 'i');......for (var i = 0; i < elms.length; i += 1) {.....if (elms[i].ty

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\loc.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 3 x 3, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):185
                                                                                                                                                                                                                      Entropy (8bit):5.770847772912797
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:yionv//thPlJlh/kVLts7CX9/gnbB2hwiViLtgl/VshHGH3iLmBjcD2g1p:6v/lhP7f/0R/CnFMQLt/HqDWp
                                                                                                                                                                                                                      MD5:CC1EA872A7C8F5DDEA45915FB2EAAC0C
                                                                                                                                                                                                                      SHA1:0E38D3DB67554420B676E86B35C3D0327BB2D970
                                                                                                                                                                                                                      SHA-256:1B2DA27D965A2E761BAA9EF26DF00AEE303BADFEE30A733A2E1F76B8FBA6707E
                                                                                                                                                                                                                      SHA-512:8CD28771B3FD807CBF45FAA6968381C0FC9A7D66A74BC6227CF817B08D300B6D507BCCF6C66ED3935C41C1AA658CDC641B4AF47A02FBB1F4C43189EFC85601AE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR.............V(......sRGB.........gAMA......a.....pHYs..........(J.....tEXtSoftware.Greenshot^U.....0IDAT.Wc4h......Jb........~...*...jX.....jX....l..89.C....IEND.B`.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\locked.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 54 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):211
                                                                                                                                                                                                                      Entropy (8bit):5.881174110390035
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:yionv//thPlPUyAlax/Hn6WlsHDh/rywOkealvBGZPTFBDQ58rwDuss+Tmf4X0d4:6v/lhPayAYfvlKhmIDvBGZDsIBM/Vp
                                                                                                                                                                                                                      MD5:7952DF863E04685EEC6AEC7F10523DEF
                                                                                                                                                                                                                      SHA1:F9E0B8C1763F688DD967DD90FAE4718E4D757C4E
                                                                                                                                                                                                                      SHA-256:443DEFEE88887FB77E5B07ECECA26578A89D040435E42CE9E7A7C2AC18D5C994
                                                                                                                                                                                                                      SHA-512:E6792CDA59B84EEE321248E0D1F405BE377E0338C79B0DEB441DEE906F35861BA93611E05FB0268C813D3B41B9BF274CA84BCD5A5B369982BE09D87CF8C1D4DE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...6..........$.X... cHRM..z%..............u0...`..:....o._.F....pHYs..........+.....YIDATXGc....?.0.`......20..t...6...P...a.....=6\..2..16........P....j`.cC..zl..a....1.......`.p.U....IEND.B`.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\locked2.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 54 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):205
                                                                                                                                                                                                                      Entropy (8bit):5.830188509036385
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:6v/lhPayAYfvlKhmPibCrv5Ux/s451JTp:6v/7rR0ov5Ux/sIh
                                                                                                                                                                                                                      MD5:B3251A2689B6A58E12ABF90BC74BBA98
                                                                                                                                                                                                                      SHA1:3E391E32FFE779E426171BA7D58F5675C45E390B
                                                                                                                                                                                                                      SHA-256:97343C489076AEFD8B99426229937F2031B9E055038231A79B0F0E538ECF3A2A
                                                                                                                                                                                                                      SHA-512:CCF3DBC0AF2B5C59555C0D6D9DE9B982ABC59AE7D561C943F088E41C154093A7421E2012D5A97AD5A1A26FEE5F507966B22A40F10F0E2D8398080C3666690D60
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...6..........$.X... cHRM..z%..............u0...`..:....o._.F....pHYs..........+.....SIDATXGcT...a..&...C1........!>.^0.........r8...c...zl..Q..50..F=6...............$.(x.:t....IEND.B`.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\locked3.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 54 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):211
                                                                                                                                                                                                                      Entropy (8bit):5.832053124718943
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:6v/lhPayAYfvlKhmIKIZK6Aq/VH1gXhqdp:6v/7riKXxq/Fau
                                                                                                                                                                                                                      MD5:7219601F7A697D302F998CCE57ACB6EB
                                                                                                                                                                                                                      SHA1:EFCEB461F3C2F86D79F060F35DF57D0877E1B83E
                                                                                                                                                                                                                      SHA-256:D3C991F543C39C7FACB22CEE3366B3611941D637908F4F5CAE09100698ABE3C7
                                                                                                                                                                                                                      SHA-512:FEE3DDEAB71C1430E50B77528A8262E263E19F5ACC96DD1651E3D8744CE8F120A3B838DC5AAFCAC5C30640D6FF6AFBB216A5E59A84DC55CBD44AFAB22992DBDB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...6..........$.X... cHRM..z%..............u0...`..:....o._.F....pHYs..........+.....YIDATXGc|+..a.....[gC...7.S....0<6..,b...0.`......w..G0..F=6........P....j`.v4.i.10..w...g..t....IEND.B`.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\locked4.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 54 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):211
                                                                                                                                                                                                                      Entropy (8bit):5.938046148304728
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:yionv//thPlPUyAlax/Hn6WlsHDh/rywOk+nv4QUxcTP9BDQ58rwDuss+Tmf4X0K:6v/lhPayAYfvlKhmIqABI3DsIBwvfKup
                                                                                                                                                                                                                      MD5:63EC9C66725C191906C9127688AAAC90
                                                                                                                                                                                                                      SHA1:F1A85F8462D48301C109E52F7084906CAF7A76CC
                                                                                                                                                                                                                      SHA-256:56844FFBEBF7BC3559837F3D3FC6577D8696788F1EE2750E7AA95C07C83CE592
                                                                                                                                                                                                                      SHA-512:857A8C727D19846B84D96C6DF44D4387ABC37E275DEB31F3948F66329A26A3A73B2DDA2645024DCFB05D967C56E7EFE9A7D38604D85222861D4F150006B84A63
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...6..........$.X... cHRM..z%..............u0...`..:....o._.F....pHYs..........+.....YIDATXGc.y....a....>q..e`h....6...P...a.....=6\..2..16........P....j`.cC..zl..a....1......w`J......IEND.B`.

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\min.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15674
                                                                                                                                                                                                                      Entropy (8bit):1.7904892552163527
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:fuDk29WJsEvKPq/PlBCcRaL/+LvgIxN+Y9rNGcf+rsGvI7cdppJ79Y:okEWmrP2LKIxNXrNGQ+rsGvCcXfa
                                                                                                                                                                                                                      MD5:B976C978C6E13E6D5106F85EDD98260E
                                                                                                                                                                                                                      SHA1:346AD5CFB96D5FF9D851312FFE6B185F07B439BC
                                                                                                                                                                                                                      SHA-256:D5EC61CA3CEBC4CFFB1BF24B65F8E5927451A77E802218D1920089FE8F82BFC9
                                                                                                                                                                                                                      SHA-512:BD439306FC9781A1107CE8AE5107B4BED0159AC06B4879E9E8D13F1610B94C6D24A623C26BB539492C9EFE6DAAE12045A0519461220723AE0D2EED84EDE0CC76
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR.............;mG.....pHYs..........+....<}iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2017-08-24T13:34:29-04:00</xmp:CreateDate>. <xmp:MetadataDate>2017-10-24T05:37:18-04:00</xmp:MetadataDate>. <x

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\paypal gui with buttons.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25328
                                                                                                                                                                                                                      Entropy (8bit):7.92210523600589
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:mEEGFr6UR5Hoxhe4FmpaQ1L3ea8ksINBg3wyBUiyhg:mstoxAWQNXmMBgAoUi0g
                                                                                                                                                                                                                      MD5:C2F9B512D05166F539C9C5478AB5BE43
                                                                                                                                                                                                                      SHA1:88BD46CD4E3FB3B0C3C7D020EB7E4A99F84B2C65
                                                                                                                                                                                                                      SHA-256:B082F1A7A524E2D2F3C07140B155410F2D8C936422C132AF6B5C483D868FE408
                                                                                                                                                                                                                      SHA-512:FF3406C6D03FDF55F520A1FB5305370B46825C97D41B3DAAD3E78CB37737913F731650B47440A2C81C31AACEA0B9ACA87A008A5B043A623866DD5E1F033F5B82
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2019-01-18T22:36:09-05:00" xmp:ModifyDate="2019-01-18T22:36:09-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:f2999e32-3bf6-1944-9ba9-f88ce2a

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\paypal gui.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16821
                                                                                                                                                                                                                      Entropy (8bit):7.867529657278568
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:mnEjLs67Z7i3CTmfgifR1N1HMngNUZKGH5Sl+pe9Cruyi5AQu:mE7i3CSoi/N1qJZJHoKewq5AQu
                                                                                                                                                                                                                      MD5:E51D798F7A9C56278C51462CD64CF81C
                                                                                                                                                                                                                      SHA1:92C214067089849D9DC5D61732701875194E066C
                                                                                                                                                                                                                      SHA-256:0EE6A549D2EAC00C286188760114381080384F2BA424BF4089369D3CCCCBB1CE
                                                                                                                                                                                                                      SHA-512:60D8630B3EF490C1D93F036D91481E868274DE099B384B511FE4A64B2CA5CB61D3F3A37D75E44BA278B7D3867F42FBC458E07DB4B9E309BB899D92FF3A2D40B4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2019-01-18T22:37:17-05:00" xmp:ModifyDate="2019-01-18T22:37:17-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:e05cbb9c-7dcd-3c4a-9d13-70b0bd3

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\profilename ui.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5008
                                                                                                                                                                                                                      Entropy (8bit):6.575107570939452
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:OYkknGLWaOYqYkt/y98EHnrHmH7gqHtuwNfi+fR3ocNG0Auu+rkGpALKVsh4kZGy:fkknEnrJHrG3YwFJvBhNsh46Gy
                                                                                                                                                                                                                      MD5:CC4D0DC938EC720836BEA92EA2DCC379
                                                                                                                                                                                                                      SHA1:0735471B4040438B219DFD9FDC57B957C83D8628
                                                                                                                                                                                                                      SHA-256:3CB8FCFF4EE04665A7A35ED3E4C7858AFA252F068542B93A32A3CBB3C084E570
                                                                                                                                                                                                                      SHA-512:54C971DB882CE5F99BDA97C52EC8BD3A5847DE87FFFF8D969D00DC72C074100B266754328F9EA1014392A5248220759742F5B3C57637B8AF3F23C7E6ADBF94A9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-30T23:55:37-05:00" xmp:ModifyDate="2018-12-30T23:55:37-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:2e5b408e-5fef-284a-9a0c-4e6e19f

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate gui base.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20316
                                                                                                                                                                                                                      Entropy (8bit):7.908181990005537
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:EnbonrvGoy1WGLJMMxeV7A72pJz0Avjvid21imdaXmt0+03wrxt5aZJ1lqoFJXsb:E2Goy1jLJMJcwJz0Avjqd21iJXmt0mj1
                                                                                                                                                                                                                      MD5:38923FBEAB06CF28D45E75B8C4E56194
                                                                                                                                                                                                                      SHA1:3FA3245AE018A9328E4E5E99F9CEAAF96A765220
                                                                                                                                                                                                                      SHA-256:18A2EF227387704FA0E6BA03D067378ED7D4825349FD9CCEDD89F2BB416B1CE1
                                                                                                                                                                                                                      SHA-512:C994930B6C996C32EA41D00854A2E9548D33F06A20E25AA53C6FCA7A594AE0A94793D895B248A81F881876D7A35FBDBB106DC088E555F24E1C908ABECC76FC33
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-26T20:43:55-05:00" xmp:ModifyDate="2018-12-26T20:43:55-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:b43a5538-8f1b-8445-af9c-76ce74b4e55b" xmpMM:DocumentID="adobe:docid:photoshop:e64af73a-8606-044e-9ab6-ad6cecbeca88" x

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate gui with buttons and log.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):28504
                                                                                                                                                                                                                      Entropy (8bit):7.93787416772731
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:ynEOL90BP7yEY9gsm8WV0dWkMpU0I2yzrW7B4H0nGjpYermkLVFmwP4Mv50A3C:yE5yEags+OdWj7ynW94uGjp9jYiO
                                                                                                                                                                                                                      MD5:F948EEF939C0D28BD4776495EF71D037
                                                                                                                                                                                                                      SHA1:819530CC8181B4417655C2C60EF1EDD8E9BF63AA
                                                                                                                                                                                                                      SHA-256:22D5A608C70FE67F3C8CE17633E9A28FC211DFA82BB71F6A4181E15358CF7D76
                                                                                                                                                                                                                      SHA-512:025A7379AD11072403732D0C8AC635621F041BE3321C67ABD247838B93DDFE249C00D1CB58961BF853DA92EC724F090C2A8DD2A51CA76053F04C05744DB58C5A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2019-01-01T03:27:32-05:00" xmp:ModifyDate="2019-01-01T03:27:32-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:cf320a9a-c52f-574d-89c7-b721802

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate gui with buttons.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):29445
                                                                                                                                                                                                                      Entropy (8bit):7.938184515239683
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:yE5XcmYvidIE5pdWxi89DOzKxHZLGR554vNLfBWW5UpQ:yo7GE/UodKxH8h8NzBWYYQ
                                                                                                                                                                                                                      MD5:F7213FCFB39D0FF0389A71545CD5C25F
                                                                                                                                                                                                                      SHA1:E1E9E8B8E4877E624B8A9FCC362ECD7C2CBE9BCC
                                                                                                                                                                                                                      SHA-256:E534BBD426AF5DC7E8C8DADA05DA81195C83A5EAFE9B7DCAD73B14501F03921B
                                                                                                                                                                                                                      SHA-512:406A4B571DB367C92A3B28375709BF5D85256A49EA32F7C75D7C4E2CCD532B4AB4B78B0F8FEAE6FE59C106BA77F747AB466957CDEC99D934D937E858C9B85B8A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2019-01-01T03:27:22-05:00" xmp:ModifyDate="2019-01-01T03:27:22-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:4e30e510-f141-2c41-b15c-99ab43d

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate gui with log.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19294
                                                                                                                                                                                                                      Entropy (8bit):7.90540673408908
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:En9DolPvCHfq7UxSPtWmS19CJQ0Ag8KqmjjD2or67y:EWoq75sCJQ5mT2of
                                                                                                                                                                                                                      MD5:137EE4DB81136A6559B21465AF5000B4
                                                                                                                                                                                                                      SHA1:929D5D88C160B373B9A9AE5D036DEF67E44A5D24
                                                                                                                                                                                                                      SHA-256:599A43107A079525A8BAF9BA2705374C854261CEFB99E565EEFDEBB10E7AF6F2
                                                                                                                                                                                                                      SHA-512:C51BD83B7D822A44C3C2E46CDDF698664FB8B19A04AAD707354348B34893EFDCD6B6DF1FEF512672ACFA3B6D3DF96FA56BD150DB0F665B4AE7D5BD68E9912CD8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-26T20:41:35-05:00" xmp:ModifyDate="2018-12-26T20:41:35-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:11210627-fd8e-d849-9e1d-fd80b815f6ff" xmpMM:DocumentID="adobe:docid:photoshop:182c2bd1-6de3-6d46-8c3a-a2177f4a247c" x

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate minimized off.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4294
                                                                                                                                                                                                                      Entropy (8bit):6.559954652372535
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYMJyj/y98EHnrHrH7gfHJuwNG0A+rkGpEwwwwQt4sy3wwwwwwwwww8:HkknEVOJHrLOswvGwwwwuy3wwwwwwwwa
                                                                                                                                                                                                                      MD5:69A7DFE5938074C0709FFC95D976567B
                                                                                                                                                                                                                      SHA1:1D36145A2614008967CA2D14F818B659C7737C61
                                                                                                                                                                                                                      SHA-256:5E1000E7965C118DDBED19792F18C64A83DBA86571B5A5CD0ABDAF649F8DFC16
                                                                                                                                                                                                                      SHA-512:FC16BA2802B9318205CD73F62F3E055A54FE48F531C08863BF237FD5A20D2976B783759C57BF188B371BAACB999B76A7DC04FF31165001BDDD57A4007F9364FA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T15:31:10-05:00" xmp:ModifyDate="2018-12-28T15:31:10-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:ff68da69-813d-de45-b7a1-7018c57

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate minimized on.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4331
                                                                                                                                                                                                                      Entropy (8bit):6.641063540216113
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYmQ1/y98EHnrHvH7gRH2uwNG0A+rkGpidFwwwwwvYoy9at4O60RwwM:HkknESJHrPUXwvQFwwwwwwo3SawwwwwR
                                                                                                                                                                                                                      MD5:FB7A25EDF27846FC128E838A29A37392
                                                                                                                                                                                                                      SHA1:658249B0F20192C47E5803C43BFD4F6B6756E216
                                                                                                                                                                                                                      SHA-256:0AC8AFA2F0DE822F365E5E75F53E200B97ADC31CA1F97629ADE1365AAD157531
                                                                                                                                                                                                                      SHA-512:13CE7BBB190E0023A9CE77CE1FD923C375352DFA53556C92B23475F45E973478B27FCE45E6049240DABD7116EB9A106242ECD91AFB4578C9F937AB1DC9E9DC68
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T15:31:17-05:00" xmp:ModifyDate="2018-12-28T15:31:17-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:6905b9ae-5db1-7a43-9974-28818ff

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate minimized.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8492
                                                                                                                                                                                                                      Entropy (8bit):7.567982653146201
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:HkknElJHrcLdwvdUd6EHB6agNsVZ9EzGqIjgOEJOP:nnEnLcLavqdnU/sViGqjOvP
                                                                                                                                                                                                                      MD5:450A4E58B2F989F841DCECA38D48884C
                                                                                                                                                                                                                      SHA1:D0AA780E42D2A85B71101EE1977BA46A08578AF2
                                                                                                                                                                                                                      SHA-256:F8C110BCA0140283FFC3076CE6BEF7575D0E3DDCA5F364FD9FA8AED896C8334C
                                                                                                                                                                                                                      SHA-512:6FD3ED828ED50DE5461BC677D764BEE4959489D669AE4208B762620E824DA12C987896F528B2E44295981E9B2D0D6C286B1B824B3348DDA0007199B5790EE6F6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T15:30:42-05:00" xmp:ModifyDate="2018-12-28T15:30:42-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:4c336bad-4be5-3946-b05e-aab0ec3

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate off.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4569
                                                                                                                                                                                                                      Entropy (8bit):6.7452152371929115
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYoUzrj/y98EHnrHZH7gc3HxuwNG0A+rkGpN+1wwLfag8Q11wwwwwwD:HkknEz/OJHr5N3EwvH+1wwOM11wwwwwQ
                                                                                                                                                                                                                      MD5:274A838EC4F30A4C325D91F52A025DC7
                                                                                                                                                                                                                      SHA1:E1C0AA3D9D051D630C1F1CB50F88E1E9147E5203
                                                                                                                                                                                                                      SHA-256:A7037E7C09749FDF732E882B3D32C35F5230CA43078FE62E413DA500482A2E03
                                                                                                                                                                                                                      SHA-512:D517C7400A1FD9E531C4110271FBECC125E6B02C24268FA872762A1608DBF9E18F57A6F18F3675D64CCFA74D7CA050574F2218C3DF098BD6CF288497A07E4871
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-27T21:53:27-05:00" xmp:ModifyDate="2018-12-27T21:53:27-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:eeba2df7-ea5f-5043-8463-73c9a45

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\rotate on.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4562
                                                                                                                                                                                                                      Entropy (8bit):6.735590437491905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOY6QAI/y98EHnrH7YH7gHHeCuwNG0A+rkGpHVbwwLdGt5Dwwwwwwwwn:HkknEeBJHrbYS+bwvRpwwLcDwwwwwwwi
                                                                                                                                                                                                                      MD5:AE212AD03E13A611E47B2895E54366A0
                                                                                                                                                                                                                      SHA1:FD6925EFAFF34A0503293FC2A25F01E9B3A88EF4
                                                                                                                                                                                                                      SHA-256:62F69E5D8C78925E93E536EED9A9F4713B2FDC5D156481FAAD35A7601D50EAD0
                                                                                                                                                                                                                      SHA-512:2F2E6A421D91F557D62ECAEDFE3EEDB875029B8C3FB7031C9FAD569F0C30B35CF8C216168EEFC2F32E2EFD9F7FDD17D03573570474C0266D66422CF5192C735B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-27T21:53:42-05:00" xmp:ModifyDate="2018-12-27T21:53:42-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:82532f69-64d4-4e43-b9a3-86f4b88

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\settings.ini

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):78
                                                                                                                                                                                                                      Entropy (8bit):3.3503891353342574
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Q+slALqRIivcWc6UlYlUlo6rJ1ovl:Q+slAmPcWc6UCOlo6rJu9
                                                                                                                                                                                                                      MD5:D881853740B872D36695384E112FA53F
                                                                                                                                                                                                                      SHA1:B9417B9E5AA98A1F3D7803541E1D316353A79CFF
                                                                                                                                                                                                                      SHA-256:AA700E00471135EC7531AF6CDFA78F08E04408ABF3E1215D67308B8FC42EA260
                                                                                                                                                                                                                      SHA-512:9FC42D73CF2C5AAB20E2396452FC5ECAD554BE7529CD91D5940D0A2178D71B85B73F0B3C394E3CAC9F5B966DB8EC1A41B699C557BFB62BA59BAF3FDC4F08AFAB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..[.S.e.t.t.i.n.g.s.].....g.u.i.s.c.a.l.e.=.1.....P.r.e.v.V.e.r.=.4...5.7.....

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status1off.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4278
                                                                                                                                                                                                                      Entropy (8bit):6.560771494438298
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOY+Vdu/y98EHnrHxH7gIHUuwNG0A+rkGpEhwwwww3fPwvmRarWvYwwn:HkknE6JHrRlpwv+hwwwwwPvRVAwwwwwA
                                                                                                                                                                                                                      MD5:1D5DC1C3D261250DC8673E857B9E0B16
                                                                                                                                                                                                                      SHA1:EA91FBC661D0E4097675C317E3858E7ACCDF9662
                                                                                                                                                                                                                      SHA-256:2829307EFCC17687A99DD0245F54BE196233A200A1D55387EEA53D67502E6BB4
                                                                                                                                                                                                                      SHA-512:8E4616D5E84072C20A64C4777701C0B2257277152FCA1019D00C141A68D695126B570A2D1A810DC6E3F4C478EEBFB669DDF0B2C8144A16740ECB2F8A7B928AC8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:12:33-05:00" xmp:ModifyDate="2018-12-28T14:12:33-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:743176fd-157c-6a42-b2fb-1631345

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status1on.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4310
                                                                                                                                                                                                                      Entropy (8bit):6.576972566089359
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYsXpX/j/y98EHnrHFH7g/9HQCuwNG0A+rkGp9wwwwwVrPBwwwwwwwu:HkknEY1OJHrl+9wbwvzwwwwwVrBwwwwj
                                                                                                                                                                                                                      MD5:927940EB433F5605196F6295689A66DE
                                                                                                                                                                                                                      SHA1:4BDFAB0598BF1E41751A4E72C82523F472D91445
                                                                                                                                                                                                                      SHA-256:90B6D62113544BE05F5A00E3940AC2B35C6917A2CA731E7E0EE24FFC6955440A
                                                                                                                                                                                                                      SHA-512:AF99126AB21A8574A38235DE5765267BBA37B90412C4F7616EE7DA50EE151D4B24D5E244F5BF05B502E9D4F4CDF99BA40A3E7255611713D9EDC5A86F00C0F7A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:12:47-05:00" xmp:ModifyDate="2018-12-28T14:12:47-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:ee926408-53b5-7c46-a4b1-44731f0

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status2off.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4278
                                                                                                                                                                                                                      Entropy (8bit):6.563592482654975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYmJT/y98EHnrHYH7goH5uwNG0A+rkGpvhwwwwwwwww0F8wwwwwwwwD:HkknEhJHr4VcwvNhwwwwwwwww0uwwwwH
                                                                                                                                                                                                                      MD5:F8A8473BDED7ECAA9E521E12143F62B9
                                                                                                                                                                                                                      SHA1:33AF7A568340BB84B18F5DF74390C35D30D9B59A
                                                                                                                                                                                                                      SHA-256:86B95A27C0BE7ECDE2991AE2A35F4EAF695A64AC9297F90C661E88FA95AB3E55
                                                                                                                                                                                                                      SHA-512:660907F43228A8C49CD845E56382C0D95E9328C65B6F81F7726844573EA3FBDCF8AC9A36B9C7486F1E18A54B87A6B0CFCE3FDB23EF8A3B85C4FC5662C48CD88C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:13:05-05:00" xmp:ModifyDate="2018-12-28T14:13:05-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:7da37cc1-3ca1-c04e-95de-118ccac

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status2on.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4310
                                                                                                                                                                                                                      Entropy (8bit):6.60366276733626
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYWk0p/y98EHnrHHRH7g7HQvuwNG0A+rkGpHXwwwwwwwwwV6BQt/8/K:HkknERJHrnRuwGwv1XwwwwwwwwwV6BuZ
                                                                                                                                                                                                                      MD5:42124F46E863A2F40ACC62F6B04775B2
                                                                                                                                                                                                                      SHA1:249C3D6373C3F3FCB1C0D2EFA2DA78A1CB23E74C
                                                                                                                                                                                                                      SHA-256:AD75228924121D4FDCE728C1B2439126053669FDA8C3CC0EC72D5D8E67880C0B
                                                                                                                                                                                                                      SHA-512:A02CBB73C89D6248575D8554FC9E590A7977787B6A84BD339FFBA703A2A8B1F534C7A8ABEAE201933647A96593C722A4741C28761058DDD5DE0F59BD9384CAD8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:13:18-05:00" xmp:ModifyDate="2018-12-28T14:13:18-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:e3d71746-8bdd-a740-ba1b-bdf33f3

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status3off.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4278
                                                                                                                                                                                                                      Entropy (8bit):6.570728131962546
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYOQKU/y98EHnrHRnH7gIPHs/uwNG0A+rkGpohwwwwwwwwwwwwkvdg5:HkknEwJHrFbxwvWhwwwwwwwwwwww05hq
                                                                                                                                                                                                                      MD5:E5CF113E83F68B776F00687B7351D9F5
                                                                                                                                                                                                                      SHA1:DC6CA6EBCFFD7CBF6056E4E418A984705B15E5CF
                                                                                                                                                                                                                      SHA-256:5F43CB4D454CE7B3253BC43B9643918B6E138F88443F9B2EC3159B872CED27BD
                                                                                                                                                                                                                      SHA-512:386FD2A5CF8293EE1D79305CD8E6C21064127FA545473E2AD7F5A78F410DAA1B6116730C2CB1ECCCA217638DDEADA036547942E8C589F82BF9A1765A580C9412
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:13:30-05:00" xmp:ModifyDate="2018-12-28T14:13:30-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:0eac451b-73a8-c249-b933-49a36c1

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status3on.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4310
                                                                                                                                                                                                                      Entropy (8bit):6.594018890578477
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYEkuE/y98EHnrHb5H7g7HyuuwNG0A+rkGpEwwwwwwwwwwwwoi+BUKX:HkknEDIJHr756S/wvmwwwwwwwwwwwwR0
                                                                                                                                                                                                                      MD5:479B53DFAD4AC0DAD37C839D9DC5D31E
                                                                                                                                                                                                                      SHA1:54CFA56E2A94D8E7596D7DCB7C50C10D9B00638C
                                                                                                                                                                                                                      SHA-256:40E46E8206DC80C1CAFFCFE1634FA6054CF55943831078E12437B3CDA9E7A5D8
                                                                                                                                                                                                                      SHA-512:FA9EEB92919D00D00E2DD5C119C8857AA00E4A6306BD03B9AFBB8208554223633180F79AE2C901FA3A2BCB5302692ECDF5DC5C180D954EE7E31EC5DF1FDA59F5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:13:42-05:00" xmp:ModifyDate="2018-12-28T14:13:42-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:6c806743-c22c-de41-bd10-08e97d7

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status4off.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4278
                                                                                                                                                                                                                      Entropy (8bit):6.577575588940934
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOY+duT/y98EHnrHiH7giHVuwNG0A+rkGpXhwwwwwwwwwwwwwwwIHkPn:HkknEUJHrC/QwvJhwwwwwwwwwwwwwwwN
                                                                                                                                                                                                                      MD5:D72A730988DD8E1DE526A71672597BE6
                                                                                                                                                                                                                      SHA1:E6EE8763D00EFB0D09EB79E2418BF09728DB75B8
                                                                                                                                                                                                                      SHA-256:72248709C6483D8778428C19FDB0A643316AB9A25067C9975F931BB8649CE4CA
                                                                                                                                                                                                                      SHA-512:690EBA6706A4782F44D9438B53AE0A2CC5FB4B6AB6076CA11D4AD93B9D05EF3CB40D42613D7E817BE767A09B7FBD8E3E222EAEEB792487875261D1CC50570916
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:13:54-05:00" xmp:ModifyDate="2018-12-28T14:13:54-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:4638ce55-94f5-9f4f-9b85-91588c9

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\status4on.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 316 x 192, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4310
                                                                                                                                                                                                                      Entropy (8bit):6.585743405833081
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:GYkknGLWaOYgMS5/y98EHnrH6H7gwHeuwNG0A+rkGpCwwwwwwwwwwwwwwwwDUmvg:HkknE9JHrahPwvIwwwwwwwwwwwwwwwwA
                                                                                                                                                                                                                      MD5:D21E6976E4C462B99D140790A55EC92A
                                                                                                                                                                                                                      SHA1:02CDCBC41E17E10B9277370D053541453FF7E849
                                                                                                                                                                                                                      SHA-256:C2AEFB793F13E7701F97183AB8FE83015B9047659206EC5E960BBCEBF0B61844
                                                                                                                                                                                                                      SHA-512:9353F7DBFFCEF3DA162C3347EB5A45909086A444B53D2E817AA138F40F21DA528C93FCE479C6E4E5A991F38F24D7E3E74547D209246AB67885CF4E590948E313
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR...<.........."......pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmp:CreateDate="2018-12-26T18:08:36-05:00" xmp:MetadataDate="2018-12-28T14:14:09-05:00" xmp:ModifyDate="2018-12-28T14:14:09-05:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:6ef18d84-284c-cd4e-855d-f7538ea

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\subbutton.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 147 x 47, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):18293
                                                                                                                                                                                                                      Entropy (8bit):3.172409576703293
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:cSskEWROxNEdisniQsc514VOmkfeQMaFaRulszJa9F4TgYpGjd:cSsktUM4omkfpFFblGJawvGjd
                                                                                                                                                                                                                      MD5:3934734E8BD8B2A2DC6A37E526E71FA2
                                                                                                                                                                                                                      SHA1:EA219CEEE5D25B8DD698D10DF14202069D2189AC
                                                                                                                                                                                                                      SHA-256:CE235AF8BBF272DC5EF85F95CA58D9FC8C74A5E90F53CF9A055C6E0BFB246CD2
                                                                                                                                                                                                                      SHA-512:04994DE57D3F1C7CC4E27DE8C86D1B20DC82F4F2046B4D7B1E6CF875AEEB42E517622164E07A19BE58E9B26846790A02895B9E12B1644C5EE1D38301581297A4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR......./......3.)....pHYs...............:.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2018-11-18T10:41:06-05:00</xmp:CreateDate>. <xmp:ModifyDate>2018-11-18T10:42:46-05:00</xmp:ModifyDate>. <xmp:M

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\weakauras.ico

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25016
                                                                                                                                                                                                                      Entropy (8bit):4.89514040352291
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:TWoB9dqzHpSoWTg6qcE77fiyRO0iiMjfkgHTZNQ:B9YHosn77q/V9ki8
                                                                                                                                                                                                                      MD5:73E077A50AE2BB2BE1B34803812B897A
                                                                                                                                                                                                                      SHA1:C8A7059115607A998B89BC0684FC483B9C58510E
                                                                                                                                                                                                                      SHA-256:8F9882498F40D73BABB6252CF934422A1BB77AC5E124DF91A138852815D94BDB
                                                                                                                                                                                                                      SHA-512:D847D36D138D6A4550842EDE654CB9C8D83343A65A9373C04FC7E4928438C84EDB440982D3094B94B018E815BFBFF71C95DE163583F395CE6C2C247982D5C9D7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:............ .h...V......... ......... .... .....F...00.... ..%............ ."....D..(....... ..... ............................................................................................................................................................................................................................................................................................................,...&...%...-...........,...,...,...,...-...&....................................;..................................>...........................t...G...m..............#.............................A...........(..............._...........\...................A.......u.........l.................. ...........Z...?...5...........................=.............................................J......www................+...4...................................,...2..........................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\Documents\Rotate\weakauras.png

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.26489.28570.exe
                                                                                                                                                                                                                      File Type:PNG image data, 383 x 153, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19680
                                                                                                                                                                                                                      Entropy (8bit):3.7275464447039934
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:BShkEWm7DeKxNF7sc5oez35HAnkrZA3QMx5GlPv/XZYOz5b1JwTV6+PCt/KPVJf:BShk6Xe479GeAQ+G5vPZV5p8V6AgIV1
                                                                                                                                                                                                                      MD5:BE570B0F84FA288FE6A47848FCA0441F
                                                                                                                                                                                                                      SHA1:3278AED0AB11B9E150EDD94F2ACF22D66760ABC3
                                                                                                                                                                                                                      SHA-256:071D8330814DB1AA9B071274672ABD9105C43A8EB7F317AD0D58457F3034E563
                                                                                                                                                                                                                      SHA-512:B7714B679E556ADBEB6919E854D0F90A8FC0BFAF575164A79A4127370F8E879EC5AF4FF428F85A0B52E70657F5EC0DB387CAE0F422903B89E0EF206614DABF4F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.PNG........IHDR.............m'......pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2018-11-08T00:23:44-05:00</xmp:CreateDate>. <xmp:MetadataDate>2018-11-08T00:23:44-05:00</xmp:MetadataDate>. <x

                                                                                                                                                                                                                      Chrome Cache Entry: 302

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):175
                                                                                                                                                                                                                      Entropy (8bit):4.966965284633015
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHoNcHtRUhVNBz2SVMzLSQQQEK/:tI9mc4slhohC/vmI4LUhVNBz1VOGQQQz
                                                                                                                                                                                                                      MD5:36830448E3F7A1A3A2D487003A091E9C
                                                                                                                                                                                                                      SHA1:5E890C51BC88F472775B79639B6C1FC51F08DC05
                                                                                                                                                                                                                      SHA-256:31264354C77C510E3AE936076B8C10048515F7F6F5B6EE3EC34FD184144DF96E
                                                                                                                                                                                                                      SHA-512:D3AA088237953AC48F2E66B6C3DFBB3A18A11F508E2F2DC650596EE5CE5908D2BEDF2AA01107F0A89DC7B113BBF63C2CB71DA113AD6625047707D3C3E4690F5B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/download/v9/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M17 18v1H6v-1h11zm-.5-6.6-.7-.7-3.8 3.7V4h-1v10.4l-3.8-3.8-.7.7 5 5 5-4.9z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 303

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):535
                                                                                                                                                                                                                      Entropy (8bit):4.785196700014432
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t4IlU/vmwiga9wdp0W3+O7UAJZ5QxIbD9BxFgMeqrNrWHt5RME:t4IlU/vHimn0Wf775eIbD9WqpaNDME
                                                                                                                                                                                                                      MD5:E495B672D02F15432F6710559694C362
                                                                                                                                                                                                                      SHA1:00EF999A516644D42807B71E90998384B2A4A01A
                                                                                                                                                                                                                      SHA-256:1A2B334B6A76CD63507ADAF9725E7CD6DDF9C58C1247F41AA14864AC1FDB5BB8
                                                                                                                                                                                                                      SHA-512:83D577FD5E64A4633886D626819A9DD1CE98FCCD6B22847774C24D5D2725A8149CD9306C9AA3A5C9D0EDA7007586ED425F972DF7D8D5D1A8BC9E136D19D8465E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="m3.116 5.998 16.79-2.66.157.988-16.79 2.66-.157-.988Zm-1.481.235c-.13-.819.428-1.587 1.247-1.717l16.79-2.659c.819-.13 1.587.429 1.716 1.247l.157.988.234 1.481-1.481.235L6.463 7.999H22v11.5c0 .829-.672 1.5-1.5 1.5h-17c-.828 0-1.5-.671-1.5-1.5V8.539L1.79 7.22l-.156-.987Zm7.698 3.266h-2L9 11.999H6l-1.667-2.5H3.5v10h17v-10h-3.167L19 12h-3l-1.667-2.501h-2L14 12h-3L9.333 9.499Z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 304

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):709
                                                                                                                                                                                                                      Entropy (8bit):4.22525639505645
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t4noU/vmRhHmsiPU0BSMmpa8gQL8nJK18IyNzT+OfIXSVHIvEdQF60hRp2BquDnc:t4oU/vgHIBBSMcNgQL8nJKCzN1f/H2uk
                                                                                                                                                                                                                      MD5:DB14717F8EB9721D86499B6B2C41E379
                                                                                                                                                                                                                      SHA1:069496D31A0A689D73513F90E5BD72E2843581EC
                                                                                                                                                                                                                      SHA-256:15308D594C7B489C6AC3F05C0CB895EEF01DC2F0589FF08B3332C9500CDF7152
                                                                                                                                                                                                                      SHA-512:A089FD02232B9276377DA115205BC35DF666582F3697558E109A660DDB2AA8215DCB5D81CA54DCC2451E8688555B6DC19316C4D4098D12803B6379DC42C78178
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M10 14.65v-5.3L15 12l-5 2.65zm7.77-4.33-1.2-.5L18 9.06c1.84-.96 2.53-3.23 1.56-5.06s-3.24-2.53-5.07-1.56L6 6.94c-1.29.68-2.07 2.04-2 3.49.07 1.42.93 2.67 2.22 3.25.03.01 1.2.5 1.2.5L6 14.93c-1.83.97-2.53 3.24-1.56 5.07.97 1.83 3.24 2.53 5.07 1.56l8.5-4.5c1.29-.68 2.06-2.04 1.99-3.49-.07-1.42-.94-2.68-2.23-3.25zm-.23 5.86-8.5 4.5c-1.34.71-3.01.2-3.72-1.14-.71-1.34-.2-3.01 1.14-3.72l2.04-1.08v-1.21l-.69-.28-1.11-.46c-.99-.41-1.65-1.35-1.7-2.41-.05-1.06.52-2.06 1.46-2.56l8.5-4.5c1.34-.71 3.01-.2 3.72 1.14.71 1.34.2 3.01-1.14 3.72L15.5 9.26v1.21l1.8.74c.99.41 1.65 1.35 1.7 2.41.05 1.06-.52 2.06-1.46 2.56z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 305

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):631
                                                                                                                                                                                                                      Entropy (8bit):4.523426024540581
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t47N9U/vmRlNAz9Cf2+uFNxLjRJqpOyaIj24iexYNjbnME:t4jU/vwAz9C2NDx7MraCvC/ME
                                                                                                                                                                                                                      MD5:CF8624D2CB9D056B69F4240D26676F42
                                                                                                                                                                                                                      SHA1:B6D1C7111D039427E2605490C40992C47021E1C7
                                                                                                                                                                                                                      SHA-256:384FBC48B9DAAAAE43546C01BAAC0F19EAF764549ABC66FE69A9E9675A14D0A3
                                                                                                                                                                                                                      SHA-512:8500302D48ACDDAD24B051A44482305D92B349A054BF006E0FCA901DC55CC06DF826D28A39432ED7A92B7FB76E1D351945606DA87A0F0D3127E66D1CF2DDC90B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="M13 13.72V22h-2v-8.28c-.6-.35-1-.98-1-1.72 0-1.1.9-2 2-2s2 .9 2 2c0 .74-.4 1.38-1 1.72zm-5.23 2.53 1.42-1.42C8.45 14.11 8 13.11 8 12c0-2.21 1.79-4 4-4s4 1.79 4 4c0 1.11-.45 2.11-1.18 2.83l1.42 1.42C17.33 15.16 18 13.66 18 12c0-3.31-2.69-6-6-6s-6 2.69-6 6c0 1.66.67 3.16 1.77 4.25zm-2.83 2.83 1.42-1.42C4.9 16.21 4 14.21 4 12c0-4.41 3.59-8 8-8s8 3.59 8 8c0 2.21-.9 4.21-2.35 5.66l1.42 1.42C20.88 17.27 22 14.77 22 12c0-5.52-4.48-10-10-10S2 6.48 2 12c0 2.77 1.12 5.27 2.94 7.08z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 306

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):214
                                                                                                                                                                                                                      Entropy (8bit):5.096829767629689
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhLJ9hC/vmI4MJqgzQFqYgXT085Y:t47N9U/vmRYOF4Tm
                                                                                                                                                                                                                      MD5:BDC934DCE4645CFA785C33E037A00EFF
                                                                                                                                                                                                                      SHA1:87281A6721F6ACAE1DA886D68A9BA04F009831DC
                                                                                                                                                                                                                      SHA-256:09C41C2AC9873188C095279472467BE0EB4166C5E22AE52BA04E937AC94FC203
                                                                                                                                                                                                                      SHA-512:74331EE305E92CC3BF172624469D9789BE82A2D48EB1791210931C125F40298EC96F3875D8CFD25E8F323071D041930CDD1BADFD0AF9B032D290B56E3E838048
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/subscriptions/v8/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="M10 18v-6l5 3-5 3zm7-15H7v1h10V3zm3 3H4v1h16V6zm2 3H2v12h20V9zM3 10h18v10H3V10z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 307

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):218
                                                                                                                                                                                                                      Entropy (8bit):5.088157969445009
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhLJ9hC/vmI4SDJhK+WkjWp2IGLb:t47N9U/vmRWhKdkjs2db
                                                                                                                                                                                                                      MD5:46911EFE9CA3F93489D0C1927BBD5B98
                                                                                                                                                                                                                      SHA1:A587985F1FD3DC99B495BCC620E2351F9BAA13E2
                                                                                                                                                                                                                      SHA-256:B202492060B933CE3BCD93EED56F46AB442C61ACBBA6D4C47921417A06439096
                                                                                                                                                                                                                      SHA-512:AA70F29C404DF62CCC4514ED432B4315E423FFEF7AB79DFD8985C58909CFA6263EE5F2A8D0A251A4BF0ECB491C9A39D6A6E2A99307A4A75F910530F60633023A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/message_bubble_alert/v6/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="M13 14h-2v-2h2v2zm0-9h-2v6h2V5zm6-2H5v16.59l3.29-3.29.3-.3H19V3m1-1v15H9l-5 5V2h16z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 308

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):372
                                                                                                                                                                                                                      Entropy (8bit):4.852483300837517
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohgqWHiA4vmI4lAwuQgQIVY6Wqx5Xt6M0TRcmQTIfyuETUrNmraXnPZ:t4noOAvmRHnIq6JmM0T7QobETUrsOpka
                                                                                                                                                                                                                      MD5:388308EEFFE6F910D8A30CA28F6A4306
                                                                                                                                                                                                                      SHA1:864144A8145338E37C1DEF12177A02EECBABA4A2
                                                                                                                                                                                                                      SHA-256:A78851FF5ED5AB0CB2DE879F608214C4C33BC41841F279B1F622835407AEA643
                                                                                                                                                                                                                      SHA-512:460C26A65AB98BAD2574A5A3405CBFEC71465544632887C388E982E84EBEC2E45F21D703767783199186C51A2998965EAB3A66F5ECD4753E26D6B257ECDAD0DD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" style="enable-background:new 0 0 24 24;" viewBox="0 0 24 24" width="24"><path d="M12.5 6.44v-.5C13.36 5.71 14 4.93 14 4c0-1.1-.9-2-2-2s-2 .9-2 2h1c0-.55.45-1 1-1s1 .45 1 1-.45 1-1 1h-.5v1.44L4 13h2v6h1v2h1v-2h2v3h1v-3h2v2h1v-2h1v-3h3v-3h2l-7.5-6.56zM6.66 12 12 7.33 17.34 12H6.66zM14 18H7v-5h7v5zm1-3v-2h2v2h-2z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 309

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):367
                                                                                                                                                                                                                      Entropy (8bit):4.678729266974906
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohC/vmI4uZBPeRPbmcsstyLTngAV99WTc6XzQuJ3/vh7QrS3/IUp+wb:t4noU/vmRyPeR9YngQ9Ec6jhJ3XBAUp5
                                                                                                                                                                                                                      MD5:A28E7BAA1C8C78EFFBDB2D0AB01D9EF3
                                                                                                                                                                                                                      SHA1:F3408C777CFED5C38AF966596750F675637B012E
                                                                                                                                                                                                                      SHA-256:7A7A47330CB72F09686EDF979205FA844FA134556F81F046EFECF07B1401A557
                                                                                                                                                                                                                      SHA-512:14AE281980FA9715DFFF5BB4F22EE6B4959F3C15355B71AA65E43392E598F40DFFDDFBC0670D02D29A7C7A238B0066064174385439D0291275FAEDCE26808146
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/bag/v5/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M7 8c0 2.76 2.24 5 5 5s5-2.24 5-5h-1c0 2.21-1.79 4-4 4s-4-1.79-4-4H7zm9.9-2c-.46-2.28-2.48-4-4.9-4S7.56 3.72 7.1 6H4v14c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V6h-3.1zM12 3c1.86 0 3.43 1.27 3.87 3H8.13c.44-1.73 2.01-3 3.87-3zm7 17c0 .55-.45 1-1 1H6c-.55 0-1-.45-1-1V7h14v13z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 310

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):78
                                                                                                                                                                                                                      Entropy (8bit):4.858681545591168
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5KVErcHghI4KuP0WTC:tI9mc4slmR4rTC
                                                                                                                                                                                                                      MD5:5FFB1290441ED5E56850CC92DB640DBA
                                                                                                                                                                                                                      SHA1:ABD55D2B6EE392BBC8A89FDCE5B8560E37119D90
                                                                                                                                                                                                                      SHA-256:C74EF8500A3AE98D1E16F03B030BFD6726DE72A8911FC397D3301E4B9D86369B
                                                                                                                                                                                                                      SHA-512:83826FC55AF7335F3AE5E14CAD4056942F3F9C3FA3781258A771710DE1D32EB3412897F6AC3E09090192BE11EB490F996EB475E7B563EB6CD6B15A8F3A1B008F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg"><path d="M8 5v14l11-7z"></path></svg>.

                                                                                                                                                                                                                      Chrome Cache Entry: 311

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (715)
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):50864
                                                                                                                                                                                                                      Entropy (8bit):5.373395144483294
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:Ifd5uRCNiAL1Asnivz3wBE5F4RDP8eOC4V1F:IfdURCkKniv8Be4x8VF
                                                                                                                                                                                                                      MD5:9E1F5B2285BCE3A471297B1505058B57
                                                                                                                                                                                                                      SHA1:C0CBE8B0A96F32C25ADBAE33932188D495A4135C
                                                                                                                                                                                                                      SHA-256:708021B0A03278843AFDF5190777B25BEAD3458548E7C221AC1FF6F6E6E17BAD
                                                                                                                                                                                                                      SHA-512:A10B9F0FA257580A1E44B5F756F99A149193D6B71F98590EBA7BFF2A6A3853C32A0D8D44A8967154EEFAB884D7964D148D38991393CC4785249F38253242099B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
                                                                                                                                                                                                                      Preview:/*.. Copyright 2014 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License... Copyright 2016 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,.

                                                                                                                                                                                                                      Chrome Cache Entry: 312

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):163
                                                                                                                                                                                                                      Entropy (8bit):4.900439585813596
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHoNcHMwYSf104XTIUGnYRt8n+R9ZK/:tI9mc4slhohC/vmI4NX104XEUv8
                                                                                                                                                                                                                      MD5:5D73D2DFB1BEA872F0CEB93909FE6887
                                                                                                                                                                                                                      SHA1:DEF95E494B458D0E5B4BC0B082AB6C791216E932
                                                                                                                                                                                                                      SHA-256:EB908A46A75151ADC11154E759DB9BE111AFC67CDA5317AC26B43E3654FD4BD7
                                                                                                                                                                                                                      SHA-512:2F44B65FE52EE707D1696DE15EC18DB38521D5A848C3F9BD1352BF7BC2A8CA07CF28A98ED891D663F062CA952C72F0082ADB556053D827811E638D649E8FCB2D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/list_play_arrow/v8/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M22 7H2v1h20V7zm-9 5H2v-1h11v1zm0 4H2v-1h11v1zm2 3v-8l7 4-7 4z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 313

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):1604
                                                                                                                                                                                                                      Entropy (8bit):7.723372099973179
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:TPbPgjm7s5b16z1NLFmP7a0tZ7cNIscItJjgMzu/xzBbBA8xX8Cy0O88qzB:TDAQkhEFcabIsP/kMzu/x1uVCy0OId
                                                                                                                                                                                                                      MD5:0D4401E3204C5BDED7BDA1BC5006C8BB
                                                                                                                                                                                                                      SHA1:5B685826D7FB7D2CF3B26A1433EEE436B6106648
                                                                                                                                                                                                                      SHA-256:8BB54B1D8FD6C36C9682BAE40C1B8C1AF35AFB4B41E9A32E4202D24EF097A7A8
                                                                                                                                                                                                                      SHA-512:1E99AB788AB678D734AE55095FD442A5064982521ED72E71134A57989F2A73A586ACF5754E8ACBC458EAADB42904A1CE0F220008EC1954A67CD0B86D0DB57973
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144_v2.png
                                                                                                                                                                                                                      Preview:.PNG........IHDR..............F.....IDATx.....$I.F.m.m.m.wl.m.,....?#262f....v....u....j-3C4. ...................................@@ ..@@k....,...r.\&..].<%o.{.. ....H.I'.....Kj..en....L.A....k"...T....yM......Z....x9Pv...! .....)7....".....q2C..H.L...O.K}.Y...&...+.....P....E.(.d..j..... /.y..*.H.....Tl..R.....Wx@.K..JR,.SP,.d.....g]yQ..r...UYo...?......Kv..(..5A.yi.....~....C^K.{OT^<.K.1.z.z....X.x5m@A<GJ.X.(.....H.(C.t..x..+.P,{...s.4...f.x..bi.....(.......1........X...e.4\,..S..?.4.9>..e.:X....a@....85..I1 .w..}#.d..0..b@.j.....2.3.h.........zl.D.....Y,..lmv.....kk...b9/5......f;..._>.v.].7...y....l... ;.n.....2..qB.w......(..].... 2w.......OA..G..6?.0.{...)....t..^7[.8......~%.2..`.co#..~t..#.r.-..kd....r.H.....e...w.F..N..pFN4..1....+.e8.;..{...ur.."..q...+.m..........;~...k......J..r....5..J..f.P.....i.O..i......g....>7[.\.\.J.h...f.<..k....h.O.Nf.\...+...YZ`.A..MO# ..r...9..'.U5.W&.U..@...@.D@....."..Lt..3.S...."M.....W..P..h.g$rFb6...:..

                                                                                                                                                                                                                      Chrome Cache Entry: 314

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):651
                                                                                                                                                                                                                      Entropy (8bit):4.46155201399217
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t47N9U/vmnqMViiuJJsUG0aLn+djONWQismTRIaZmU5SuX6RfM3FLvTkwWEarekr:t4jU/vns0aLn+djqWQismiaZ5SuKNMFo
                                                                                                                                                                                                                      MD5:C34B523D2E0170B739016B744ECD8132
                                                                                                                                                                                                                      SHA1:F7CA671F70271C053516306DF1820618C279E657
                                                                                                                                                                                                                      SHA-256:55C9BBA2243E3B97567B36A6F9C888A52805E5B6C391168C892D5D024BC01266
                                                                                                                                                                                                                      SHA-512:01AE29522C00F9761ECE2399306313A85BB5E65797011BAFFC40BBA54540B718F423F5707A67EB16B43B78EFFE1D40906B4E422D1AF7FCE8BBC0C32A8F9BAF46
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><g><path d="M14 12c0 1.1-.9 2-2 2s-2-.9-2-2 .9-2 2-2 2 .9 2 2zM8.48 8.45l-.71-.7C6.68 8.83 6 10.34 6 12s.68 3.17 1.77 4.25l.71-.71C7.57 14.64 7 13.39 7 12s.57-2.64 1.48-3.55zm7.75-.7-.71.71c.91.9 1.48 2.15 1.48 3.54s-.57 2.64-1.48 3.55l.71.71C17.32 15.17 18 13.66 18 12s-.68-3.17-1.77-4.25zM5.65 5.63l-.7-.71C3.13 6.73 2 9.24 2 12s1.13 5.27 2.95 7.08l.71-.71C4.02 16.74 3 14.49 3 12s1.02-4.74 2.65-6.37zm13.4-.71-.71.71C19.98 7.26 21 9.51 21 12s-1.02 4.74-2.65 6.37l.71.71C20.87 17.27 22 14.76 22 12s-1.13-5.27-2.95-7.08z"/></g></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 315

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1397
                                                                                                                                                                                                                      Entropy (8bit):4.072255971332097
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:t4IlU/vH/PiO2pHva7aGKy6sXSv3vudpuSgzy6hSvQV1udpuSQ4vGMDy6hSvz8uD:g//2pHyXKyHOxyeV/4vG8yFFhV
                                                                                                                                                                                                                      MD5:0A7F8FCED286EFEC1055402A7CFF3A00
                                                                                                                                                                                                                      SHA1:D6582EBEF5090CF997205DA0761B27C880F406B2
                                                                                                                                                                                                                      SHA-256:9B803CFF5F9CCCBF2505A59F096BBCEC6420D038703037BBAFE191F07B433F1D
                                                                                                                                                                                                                      SHA-512:0017F07DC4AB88E7E7519604E2155DD8310603B0F3F14AF18DFAFCFFBE9038BEF25C41C89C44DB62B1035DBE38EC53213E458FA4D87898A53D596A87EF1AC910
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="M3.167 2C2.247 2 1.5 2.748 1.5 3.672c0 2.138 3 3.679 3 3.679s3-1.541 3-3.68C7.5 2.749 6.753 2 5.833 2c-.545 0-1.029.263-1.333.669C4.196 2.263 3.712 2 3.167 2ZM16.5 19l1.5-2h3l1.5 2-3 3-3-3ZM12 9l2.5 1.5v3L12 15l-2.5-1.5v-3L12 9Zm0-3.25c.69 0 1.25-.56 1.25-1.25S12.69 3.25 12 3.25s-1.25.56-1.25 1.25.56 1.25 1.25 1.25ZM12 7c1.38 0 2.5-1.12 2.5-2.5S13.38 2 12 2 9.5 3.12 9.5 4.5 10.62 7 12 7Zm1.25 12.5c0 .69-.56 1.25-1.25 1.25s-1.25-.56-1.25-1.25.56-1.25 1.25-1.25 1.25.56 1.25 1.25Zm1.25 0c0 1.38-1.12 2.5-2.5 2.5s-2.5-1.12-2.5-2.5S10.62 17 12 17s2.5 1.12 2.5 2.5Zm-10 1.25c.69 0 1.25-.56 1.25-1.25s-.56-1.25-1.25-1.25-1.25.56-1.25 1.25.56 1.25 1.25 1.25Zm0 1.25C5.88 22 7 20.88 7 19.5S5.88 17 4.5 17 2 18.12 2 19.5 3.12 22 4.5 22ZM20.75 4.5c0 .69-.56 1.25-1.25 1.25s-1.25-.56-1.25-1.25.56-1.25 1.25-1.25 1.25.56 1.25 1.25Zm1.25 0C22 5.88 20.88 7 19.5 7S17 5.88 17 4.5

                                                                                                                                                                                                                      Chrome Cache Entry: 316

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):259
                                                                                                                                                                                                                      Entropy (8bit):4.934032927917805
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohC/vmI4K+tlq2LwkzdO+iEuUDXpzBX6RlUFDA:t4noU/vmRxxVzMHUFX4Q0
                                                                                                                                                                                                                      MD5:F3AFFCB5D33857F7701EA77BB03026C8
                                                                                                                                                                                                                      SHA1:18EEE961EA2690791898EBE6A1BEE7C6DF0DA051
                                                                                                                                                                                                                      SHA-256:E3B0DCD76E8387AC87E54B1153DF400D9D5D2079DBA7AFB04AB0A31F8E50B173
                                                                                                                                                                                                                      SHA-512:D07A81CD18096FB5C3B6549950EAB68DA45651E1209F1CDF6441CFDE01050C6E5A0FC596A45B761F3D387902DF3F1706BBE7F97DDBBBD11AAEEC83A70D08F3DC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M18 5V2H6v3H3v6l3.23 1.61c.7 2.5 2.97 4.34 5.69 4.38L8 19v3h8v-3l-3.92-2.01c2.72-.04 4.99-1.88 5.69-4.38L21 11V5h-3zM6 11.38l-2-1V6h2v5.38zm14-1-2 1V6h2v4.38z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 317

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):190
                                                                                                                                                                                                                      Entropy (8bit):4.7187854291824936
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHlbRvFjonQFWL4UUk+uUQRNru7u5WLp+:tI9mc4slhohC/vmVR9MQF1Nk+bQLL0LA
                                                                                                                                                                                                                      MD5:DFF69AA895E01665A126FC2141C94FE5
                                                                                                                                                                                                                      SHA1:4064D2365E13C8A346B1D4BBE31BECD3A18CF5B1
                                                                                                                                                                                                                      SHA-256:811E9985BE1AC4E4D630F4B232CEEE366801CB5F82EE306A574C1CE9F844F673
                                                                                                                                                                                                                      SHA-512:CDC9FC460CBDA1DA0EF8E7A079FCBBF717E800F732923607DFBFA57E00FD3E8A2B487E9D2FEA95294DEDBA9DA5CFD42491BD3AC65219AEC954A20CB90FDE49B5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><polygon points="19.35,11.5 11.5,3.65 3.65,11.5 4.35,12.21 11,5.56 11,20 12,20 12,5.56 18.65,12.21"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 318

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):163
                                                                                                                                                                                                                      Entropy (8bit):4.900439585813596
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHoNcHMwYSf104XTIUGnYRt8n+R9ZK/:tI9mc4slhohC/vmI4NX104XEUv8
                                                                                                                                                                                                                      MD5:5D73D2DFB1BEA872F0CEB93909FE6887
                                                                                                                                                                                                                      SHA1:DEF95E494B458D0E5B4BC0B082AB6C791216E932
                                                                                                                                                                                                                      SHA-256:EB908A46A75151ADC11154E759DB9BE111AFC67CDA5317AC26B43E3654FD4BD7
                                                                                                                                                                                                                      SHA-512:2F44B65FE52EE707D1696DE15EC18DB38521D5A848C3F9BD1352BF7BC2A8CA07CF28A98ED891D663F062CA952C72F0082ADB556053D827811E638D649E8FCB2D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M22 7H2v1h20V7zm-9 5H2v-1h11v1zm0 4H2v-1h11v1zm2 3v-8l7 4-7 4z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 319

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):187
                                                                                                                                                                                                                      Entropy (8bit):5.110752654085156
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHAquqFbV9jXReHFAATcvXjXRHRcBHoNcHVaocoaQgeFOK/:tI9mc4slhohgqWHiA4vmI4VPgq
                                                                                                                                                                                                                      MD5:590C4B291CE0B9AD72E436BD0777D562
                                                                                                                                                                                                                      SHA1:974DC251B395357A38A0EC06CB87C28F70A23CB1
                                                                                                                                                                                                                      SHA-256:F40804CDE31FC6CE2B19B2E4DE7189916146031A5D7958B4512D30751B767D00
                                                                                                                                                                                                                      SHA-512:5DE6F1C10AF2C9EAD02B9DCA07FC4B23E0B34872CB1904FE2EED57BD2C4739CAC0A5FEE24401B457F146F5A6D43DE807E1D44DD4D33AA3B8BBA33B107428AF77
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" style="enable-background:new 0 0 24 24;" viewBox="0 0 24 24" width="24"><path d="M9 5.87 18.2 12 9 18.13V5.87M8 4v16l12-8L8 4z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 320

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:ISO Media, Apple iTunes ALAC/AAC-LC (.M4A) Audio
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):6953
                                                                                                                                                                                                                      Entropy (8bit):4.97426625305529
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:c3q9R1ETjY1k9kudJQphE2HcjHVSdDtIYIsFsiLQ96ziV:r9zEfWWkwJQphjHgkvIYJi0QF
                                                                                                                                                                                                                      MD5:645F01C1901427F176085F2F984C6139
                                                                                                                                                                                                                      SHA1:AA5E66A1B49B4840EF30B765712178DA237CD74A
                                                                                                                                                                                                                      SHA-256:18D91A4732D34F80E3B785F0EE2F3FA5102582D5DA3BC44C76AFBCF87D5E4A50
                                                                                                                                                                                                                      SHA-512:6913F0471E4510FC5B95A7317C2347B6B5835973BBFC5F51A28A9EC6AF2A29D67BEC4B4B1A434A19610F75A8547C584582FC690E5392B466D534EB5876BEAEF2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.youtube.com/s/search/audio/no_input.mp3:2f8ec586dd2f2a:0
                                                                                                                                                                                                                      Preview:... ftypM4A ....M4A mp42isom........moov...lmvhd.............D..`.................................................@..................................%trak...\tkhd....................`.................................................@...............mdia... mdhd.............D..`.U......"hdlr........soun.................wminf....smhd...........$dinf....dref............url .......;stbl...gstsd...........Wmp4a.........................D.....3esds........"........@.............................stts...................(stsc...................................tstsz...............................................................{...q...h...d..._..._...W...^...b...U...K........stco...............|....udta....meta......."hdlr........mdirappl.............oilst.....nam....data........cancel....cpil....data.............pgap....data.............tmpo....data.............(.too... data........iTunes 12.3.1.23....----....mean....com.apple.iTunes....name....iTunSMPB....data........ 00000000 00000840 0000

                                                                                                                                                                                                                      Chrome Cache Entry: 321

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):127
                                                                                                                                                                                                                      Entropy (8bit):4.930844660349543
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHoNcHL1FId/cIS0:tI9mc4slhohC/vmI4spn
                                                                                                                                                                                                                      MD5:2C360266A09D79360E247507EF3D2D60
                                                                                                                                                                                                                      SHA1:AC14D7F9042F470FEE0D48B3D9E6EDBC505285BC
                                                                                                                                                                                                                      SHA-256:A1C7A119AC9C663E0CD98E8BA6992F8B876F19D92252EB4FDFB1AF0594B70061
                                                                                                                                                                                                                      SHA-512:FEFE8721063067B784D713E43FF5C05928AFCC19ED2BB5B07536F39523B7F3B2C61E8E98EC68F0E8BF8E406262D00F5A77A0A5A7DA07A2D49EF479FF04D2B1CF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M9 19H7V5h2Zm8-14h-2v14h2Z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 322

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):259
                                                                                                                                                                                                                      Entropy (8bit):4.710851372205651
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohC/vmI4zmgwDe4btnRm31IE2l0kjMswple9SY:t4noU/vmRzmgw3tnRm31IEURwpY
                                                                                                                                                                                                                      MD5:AA228455232ACB0A6378FED3354869AB
                                                                                                                                                                                                                      SHA1:3447461B1713396150ED0DB5067AE45BFE9F024B
                                                                                                                                                                                                                      SHA-256:1C594744993B086F8C4D3ABE3A4EF2794F1D1BF0D680A354EC0561AFCE427140
                                                                                                                                                                                                                      SHA-512:CE2D4D2D8204EEB68E702F71D87B56CE970B4ACDF547AB20FA4A8B281C655FF41BC175A7949F6B453D7ED4A7EF8DE28C2B6774A67708DB8B7047DB3DFDFC2991
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/add_circle/v3/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M17 13h-4v4h-2v-4H7v-2h4V7h2v4h4v2zM12 3c-4.96 0-9 4.04-9 9s4.04 9 9 9 9-4.04 9-9-4.04-9-9-9m0-1c5.52 0 10 4.48 10 10s-4.48 10-10 10S2 17.52 2 12 6.48 2 12 2z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 323

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):251
                                                                                                                                                                                                                      Entropy (8bit):5.1580903557505975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohgqWHiA4vmI4hi6Dd7kC0qmjWpYp:t4noOAvmRnJ7l0pWpYp
                                                                                                                                                                                                                      MD5:931DADAA2F58D46D80735C58183888D0
                                                                                                                                                                                                                      SHA1:FDB576A133B05B9E28D71E7901B1971CB0335A7C
                                                                                                                                                                                                                      SHA-256:D59C1758BAFD761AC0CFAE8C33F29DD4F1229F6369E4C36FB3DF9C2DAC2E394F
                                                                                                                                                                                                                      SHA-512:D4C09F78A450717FEF762941DD897AD5CB3BBE23308E9092DC23E872285F3A17E74FDCCE4492E1ADFAEA0DB2C57229A7469F02816DF5D10092CCFEF26B5F6728
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" style="enable-background:new 0 0 24 24;" viewBox="0 0 24 24" width="24"><path d="M14 13h-3v3H9v-3H6v-2h3V8h2v3h3v2zm3-7H3v12h14v-6.39l4 1.83V8.56l-4 1.83V6m1-1v3.83L22 7v8l-4-1.83V19H2V5h16z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 324

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):1296
                                                                                                                                                                                                                      Entropy (8bit):4.260124513555184
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:t4IlU/vHFQB9Am3OB/BM7lR77Wvdn2U+GcncJkAyLMq8zHzekFrME:g/Xm3QSH72nn+GcnvVb6CkJ
                                                                                                                                                                                                                      MD5:ADD1031899FC3C245F640B715CFF77A3
                                                                                                                                                                                                                      SHA1:496D864703D52A645BB507D1CFDC5CEF7D4F60CA
                                                                                                                                                                                                                      SHA-256:BE83D15D268EE5C75DAEEF6C471E7DD43E62ABB00F26693A98EC6E3F80BB7A13
                                                                                                                                                                                                                      SHA-512:DD6E78393A5FC27534D4120E0FE778E2BD81C014723C7FF8DDCB67815B9ADB4D9B33F61BF53074C3663E7A36E7B12F7F55E885DDC7BB14DC1BFBB0F06C28994E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/bag_cairo/v2/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="M12 2.5c-.328 0-.653.065-.957.19-.303.126-.579.31-.81.542-.233.232-.417.508-.543.811-.125.304-.19.629-.19.957v1h5V5c0-.328-.065-.653-.19-.957-.126-.303-.31-.579-.542-.81-.232-.233-.508-.417-.811-.543-.304-.125-.629-.19-.957-.19ZM16 5v1h3.5c.828 0 1.5.672 1.5 1.5V18c0 2.21-1.79 4-4 4H7c-2.21 0-4-1.79-4-4V7.5C3 6.672 3.672 6 4.5 6H8V5c0-.525.103-1.045.304-1.53.201-.486.496-.927.868-1.298.371-.372.812-.667 1.297-.868C10.955 1.104 11.475 1 12 1c.525 0 1.045.103 1.53.304.486.202.927.496 1.298.868.372.371.667.812.867 1.297C15.896 3.955 16 4.475 16 5Zm-4 7.5c-.328 0-.653-.065-.957-.19-.303-.126-.579-.31-.81-.542-.233-.232-.417-.508-.543-.811-.125-.304-.19-.629-.19-.957 0-.414-.336-.75-.75-.75S8 9.586 8 10c0 .525.103 1.045.304 1.53.201.486.496.927.868 1.298.371.372.812.667 1.297.867.486.201 1.006.305 1.531.305.525 0 1.045-.104 1.53-.305.486-.2.927-.495 1.298-.867.

                                                                                                                                                                                                                      Chrome Cache Entry: 325

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):311
                                                                                                                                                                                                                      Entropy (8bit):4.773843844737949
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohC/vmI4tSSJhrtldwFSrSLwKTksQchiR29UZqbivGSY:t4noU/vmRtXrtvwFSgTksJh42K9pY
                                                                                                                                                                                                                      MD5:D5E9A724519F1A72A4FEECDEA710B2D7
                                                                                                                                                                                                                      SHA1:75040CDBB6269D16066A1CC97973CBD35FB3EAF6
                                                                                                                                                                                                                      SHA-256:119BEF082F4459AC47AC8C95CC7F5901D60BF2AFE47DE7314E479BDA835CD593
                                                                                                                                                                                                                      SHA-512:55A2C26244423311D30C64F06E1AFAD3035D318F7948FED5F2D386FFE9AF1C48077F59036FB1B8BD368875F953CC2F2BE627CD6F5231CEE5119961CA523E8716
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M14.97 16.95 10 13.87V7h2v5.76l4.03 2.49-1.06 1.7zM12 2C8.73 2 5.8 3.44 4 5.83V3.02H2V9h6V7H5.62C7.08 5.09 9.36 4 12 4c4.41 0 8 3.59 8 8s-3.59 8-8 8-8-3.59-8-8H2c0 5.51 4.49 10 10 10s10-4.49 10-10S17.51 2 12 2z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 326

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                      Entropy (8bit):4.4998346788589245
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slmOVIhSXX5xkgm2OCOuLQcTVgXF78Q46yAajyBxQkm3nKYKM1xE5LQI06:t4IjEXX1OC/QcuXFYFjyrQw15L2n6
                                                                                                                                                                                                                      MD5:DEDDD7D24561E4F2792208764242D5FA
                                                                                                                                                                                                                      SHA1:DA1A06B033CE9F27DD891B49E71FF3269A9F148C
                                                                                                                                                                                                                      SHA-256:73C8A18F388DF73D60C4AF2CF0700F889AD24D1557F79C63E37E9C9EAFC9C63F
                                                                                                                                                                                                                      SHA-512:8A738BB011625C122919C4D8216E285A51CDBA0EAEC6EBF1D16CE367312CCB13C8FD61BE1FACE96FE9746DF2F106BB788182F31C2222F7840A7EEC5A9731A94C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.gstatic.com/youtube/img/icons/web/youtube_fill/volume-off/v1/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg"><path d="M16.5 12c0-1.77-1.02-3.29-2.5-4.03v2.21l2.45 2.45c.03-.2.05-.41.05-.63zm2.5 0c0 .94-.2 1.82-.54 2.64l1.51 1.51C20.63 14.91 21 13.5 21 12c0-4.28-2.99-7.86-7-8.77v2.06c2.89.86 5 3.54 5 6.71zM4.27 3L3 4.27 7.73 9H3v6h4l5 5v-6.73l4.25 4.25c-.67.52-1.42.93-2.25 1.18v2.06c1.38-.31 2.63-.95 3.69-1.81L19.73 21 21 19.73l-9-9L4.27 3zM12 4L9.91 6.09 12 8.18V4z"></path></svg>.

                                                                                                                                                                                                                      Chrome Cache Entry: 327

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):175
                                                                                                                                                                                                                      Entropy (8bit):4.966965284633015
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHoNcHtRUhVNBz2SVMzLSQQQEK/:tI9mc4slhohC/vmI4LUhVNBz1VOGQQQz
                                                                                                                                                                                                                      MD5:36830448E3F7A1A3A2D487003A091E9C
                                                                                                                                                                                                                      SHA1:5E890C51BC88F472775B79639B6C1FC51F08DC05
                                                                                                                                                                                                                      SHA-256:31264354C77C510E3AE936076B8C10048515F7F6F5B6EE3EC34FD184144DF96E
                                                                                                                                                                                                                      SHA-512:D3AA088237953AC48F2E66B6C3DFBB3A18A11F508E2F2DC650596EE5CE5908D2BEDF2AA01107F0A89DC7B113BBF63C2CB71DA113AD6625047707D3C3E4690F5B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M17 18v1H6v-1h11zm-.5-6.6-.7-.7-3.8 3.7V4h-1v10.4l-3.8-3.8-.7.7 5 5 5-4.9z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 328

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):216
                                                                                                                                                                                                                      Entropy (8bit):4.947192163768535
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohC/vmI4mqUEUKFI8iyNd1LkBEo8:t4noU/vmREaI83O8
                                                                                                                                                                                                                      MD5:FAF3B1C051434D1FC1CFC3335A1015AF
                                                                                                                                                                                                                      SHA1:A04C68D74A3CCD626617EFEC131D004F4594EF53
                                                                                                                                                                                                                      SHA-256:C32E7D6B3FC895BB9D822E322CD3D39C49CAEFA647E4FABFC3DD8926FAEB89A4
                                                                                                                                                                                                                      SHA-512:23BDBD1C69E5B225A417646E742D7F238D7E311A17C866CE563CC82791054CF065F7C0CCD0970E8CAF75A340F1D3D5164BE257578BBE0AC0E8C15A2BCF862022
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="m22.01 4.91-.5-2.96L1.64 5.19 2 8v13h20V8H3.06l18.95-3.09zM18 9l1 3h-3l-1-3h3zm-5 0 1 3h-3l-1-3h3zM8 9l1 3H6L5 9h3z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 329

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):127
                                                                                                                                                                                                                      Entropy (8bit):4.930844660349543
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHoNcHL1FId/cIS0:tI9mc4slhohC/vmI4spn
                                                                                                                                                                                                                      MD5:2C360266A09D79360E247507EF3D2D60
                                                                                                                                                                                                                      SHA1:AC14D7F9042F470FEE0D48B3D9E6EDBC505285BC
                                                                                                                                                                                                                      SHA-256:A1C7A119AC9C663E0CD98E8BA6992F8B876F19D92252EB4FDFB1AF0594B70061
                                                                                                                                                                                                                      SHA-512:FEFE8721063067B784D713E43FF5C05928AFCC19ED2BB5B07536F39523B7F3B2C61E8E98EC68F0E8BF8E406262D00F5A77A0A5A7DA07A2D49EF479FF04D2B1CF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_fill/pause/v6/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M9 19H7V5h2Zm8-14h-2v14h2Z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 330

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):921
                                                                                                                                                                                                                      Entropy (8bit):4.464286693597905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:t4IlU/vHVWjL5ESTSyWuGkxwV2XFuzL5S5iSVg6TLsb6hSvbME:g/tWjLTSyWkiYXQV4g6TLsbR
                                                                                                                                                                                                                      MD5:C6DCFE088E335952BCE4589C4154639E
                                                                                                                                                                                                                      SHA1:EAA22A33D760F5BFDA6F65F9FC46607E729B6CB2
                                                                                                                                                                                                                      SHA-256:38A6BB1647E12A9CF3227E92F04F7AD3455FB51CC777E9AB69AA68587059E53F
                                                                                                                                                                                                                      SHA-512:C7F845D471477B4F78CD76A8E21C2E5E0AFAB2FAB8F1949D7195AEA3C8280E348302F41098167A472C0019529E979E20B0AD3C236A59410F9DEA0C19600E8D7A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="m12 7.75-.772-.464-4.186-2.511L2.5 7.803v6.307L12 19.29l9.5-5.181V7.803l-4.542-3.028-4.186 2.511L12 7.75ZM12 6 7.814 3.488c-.497-.298-1.122-.283-1.604.039L1.668 6.555C1.251 6.833 1 7.3 1 7.803v6.307c0 .548.3 1.054.782 1.316l9.5 5.182c.447.244.989.244 1.436 0l9.5-5.182c.482-.262.782-.768.782-1.316V7.803c0-.502-.25-.97-.668-1.248L17.79 3.527c-.482-.322-1.107-.337-1.604-.039L12 6Zm3.5 6.25c0 .69-.56 1.25-1.25 1.25S13 12.94 13 12.25 13.56 11 14.25 11s1.25.56 1.25 1.25ZM7 8c-.414 0-.75.336-.75.75v1.5h-1.5c-.414 0-.75.336-.75.75s.336.75.75.75h1.5v1.5c0 .414.336.75.75.75s.75-.336.75-.75v-1.5h1.5c.414 0 .75-.336.75-.75s-.336-.75-.75-.75h-1.5v-1.5C7.75 8.336 7.414 8 7 8Zm10.75 3c.69 0 1.25-.56 1.25-1.25s-.56-1.25-1.25-1.25-1.25.56-1.25 1.25.56 1.25 1.25 1.25Z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 331

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1097
                                                                                                                                                                                                                      Entropy (8bit):4.3430697193933
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:t4IlU/vH1Y7PwvXxGVI1Z9uasVrSC5PLkB/1G4aeDMCPNmlp2KsDME:g/mCxGVI1DuasD5PLkTueDrKpk
                                                                                                                                                                                                                      MD5:9A6784C7BAA35C81857DA2D120805B08
                                                                                                                                                                                                                      SHA1:8F1111CB9A09F7C208C9BCC97ECF258F00EE8E09
                                                                                                                                                                                                                      SHA-256:AFAEDE2B543B161A5A821881470A8AB861B732B90B49E8F5817AB1BEC257D621
                                                                                                                                                                                                                      SHA-512:04E10BDC58B25218EE9B7FD7CDC4110C77493907D80A1C91234FDB3F2289B2BCFF0614FF7A74102F47987795AA542FA5BC3ABA46B0BC68F7C60E1C977A67107E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="m7.61 15.719.392-.22v-2.24l-.534-.228-.942-.404c-.869-.372-1.4-1.15-1.446-1.974-.047-.823.39-1.642 1.203-2.097h.001L15.13 3.59c1.231-.689 2.785-.27 3.466.833.652 1.058.313 2.452-.879 3.118l-1.327.743-.388.217v2.243l.53.227.942.404c.869.372 1.4 1.15 1.446 1.974.047.823-.39 1.642-1.203 2.097l-.002.001-8.845 4.964-.001.001c-1.231.688-2.784.269-3.465-.834-.652-1.058-.313-2.451.879-3.118l1.327-.742Zm1.993 6.002c-1.905 1.066-4.356.46-5.475-1.355-1.057-1.713-.548-3.89 1.117-5.025a4.14 4.14 0 01.305-.189l1.327-.742-.942-.404a4.055 4.055 0 01-.709-.391c-.963-.666-1.578-1.718-1.644-2.877-.08-1.422.679-2.77 1.968-3.49l8.847-4.966c1.905-1.066 4.356-.46 5.475 1.355 1.057 1.713.548 3.89-1.117 5.025a4.074 4.074 0 01-.305.19l-1.327.742.942.403c.253.109.49.24.709.392.963.666 1.578 1.717 1.644 2.876.08 1.423-.679 2.77-1.968 3.491l-8.847 4.965ZM10 14.567a.25.25 0 00.374.217l

                                                                                                                                                                                                                      Chrome Cache Entry: 332

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):220
                                                                                                                                                                                                                      Entropy (8bit):4.95427055782646
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhLJ9hC/vmI4VJD2zPdqUQx+dt:t47N9U/vmRf2bQxS
                                                                                                                                                                                                                      MD5:64C5CFD76908E80E8D1C35BB65CF26CB
                                                                                                                                                                                                                      SHA1:DCDA22BE3CFBA2AF2C7CD98465F601E8B3C5888A
                                                                                                                                                                                                                      SHA-256:59BD8FAC9261910ADAE788A1BA4E550544F05A84312049D2C254FC37A7596CC1
                                                                                                                                                                                                                      SHA-512:37C54AF2F2D644BBA688775BC77FB0AED604F9ED4675FF89117A0AA264C62A0291AFC145A7D20C4C4D14F13E6C460CF6D39B1F925E442BD7A3A190BA77B98DE7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="M12 4v9.38c-.73-.84-1.8-1.38-3-1.38-2.21 0-4 1.79-4 4s1.79 4 4 4 4-1.79 4-4V8h6V4h-7z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 333

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):511
                                                                                                                                                                                                                      Entropy (8bit):4.622942488641842
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:trwdU/gKup+tiHD6x2wiHDXx2wiHDi25iHDV25iHDc:tYU/duItq68wqMwqt5qw5qc
                                                                                                                                                                                                                      MD5:A229E3CF403001E92CB1EA441D880E54
                                                                                                                                                                                                                      SHA1:1C4518AA326967D4BC424FD14C65D1A3276B5100
                                                                                                                                                                                                                      SHA-256:952AC1A0AE07753F75FA27BBE483E71C43B29DF5C160AAE33BB447C0E5B5E751
                                                                                                                                                                                                                      SHA-512:6B30EE9BECA55C6FC5A92330CEB5AAA3F70E1B1A166A6CE7FF0059F619F525673B8160D2A6D35E6D6B35CB52FDB547F3EEB8F960B2E7356C4C2C699115FEBA66
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">.<rect x="11" y="2" width="2" height="20" rx="1" fill="white" fill-opacity="0.3"/>.<rect x="15" y="6" width="2" height="12" rx="1" fill="white" fill-opacity="0.3"/>.<rect x="7" y="6" width="2" height="12" rx="1" fill="white" fill-opacity="0.3"/>.<rect x="3" y="10" width="2" height="4" rx="1" fill="white" fill-opacity="0.3"/>.<rect x="19" y="10" width="2" height="4" rx="1" fill="white" fill-opacity="0.3"/>.</svg>.

                                                                                                                                                                                                                      Chrome Cache Entry: 334

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):441
                                                                                                                                                                                                                      Entropy (8bit):4.728282635502173
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t47N9U/vmRR9jRxmHRLkCsL9IxflMwhT2fLrYVMdubTci:t4jU/vJHNklhIwwhqgVMEci
                                                                                                                                                                                                                      MD5:B15A744B5ED7D5D8A779E411F513E24C
                                                                                                                                                                                                                      SHA1:F156A8D2F03E4FFB072FF7D2241DDCA911664B0E
                                                                                                                                                                                                                      SHA-256:43B5B8ECC8D128FDD2DF4366CBE6FDD8ED0067DC117438290F59F5A0FFAF715D
                                                                                                                                                                                                                      SHA-512:3381EC00EEE98892B08E5C47929FFC27129A92ACF486CC33DB7E7DE1128ACBADDCCAA75115A40BC6A91B97CA39FCB42E0661341BF433299720C80DBB3EDBFF20
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/bell/v8/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="M10 20h4c0 1.1-.9 2-2 2s-2-.9-2-2zm10-2.65V19H4v-1.65l2-1.88v-5.15C6 7.4 7.56 5.1 10 4.34v-.38c0-1.42 1.49-2.5 2.99-1.76.65.32 1.01 1.03 1.01 1.76v.39c2.44.75 4 3.06 4 5.98v5.15l2 1.87zm-1 .42-2-1.88v-5.47c0-2.47-1.19-4.36-3.13-5.1-1.26-.53-2.64-.5-3.84.03C8.15 6.11 7 7.99 7 10.42v5.47l-2 1.88V18h14v-.23z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 335

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):207
                                                                                                                                                                                                                      Entropy (8bit):5.099700989024115
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhLJ9hC/vmI4u2U6PTkY5fUgNOJNu:t47N9U/vmR0kTkYZUg2M
                                                                                                                                                                                                                      MD5:D9BB191D7185DB63EC946298DE7F9AF9
                                                                                                                                                                                                                      SHA1:CDE1E715177A55F8F7C9CE0BB1766481EF215D8A
                                                                                                                                                                                                                      SHA-256:40829C1F6F101B7122AB0D9EDC7A4EDB6368448259A74831C2FAD26D865DD90F
                                                                                                                                                                                                                      SHA-512:7B8B57273161CA8EC550E7C04AAFA34A8C48CE66FBFB5123C48F84AE4A5C9B43C5820EC5D00E62B12D3AFF946ACCC4F1501132FDB034A9E39F83B18E6A7CDAB0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="m11 7 6 3.5-6 3.5V7zm7 13H4V6H3v15h15v-1zm3-2H6V3h15v15zM7 17h13V4H7v13z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 336

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):570
                                                                                                                                                                                                                      Entropy (8bit):4.665978045392768
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t4IlU/vmwQZvXRxrIcIQnx4j6UpgGN48gQJF32LxuRMy6sUCChPKvPDME:t4IlU/vHQZoR6OjN48gQJF32Lxfy6hST
                                                                                                                                                                                                                      MD5:ED7B89E541C43A4571F9634122AB86B2
                                                                                                                                                                                                                      SHA1:F326897B2E7FF541C8979A1E6D44CE68C2333FB2
                                                                                                                                                                                                                      SHA-256:A6135CFC6920359A953143B6A4DBDC691F63A1028FF0CAD5561C963D7DA28444
                                                                                                                                                                                                                      SHA-512:531E4EB10EA02EE7F258C64454656CA7F562C36D933751AFE41088F59607DE1AF1ADE38AF773F33667912BEB9C338AE0FA08AE89FD0ED2D5CA76A0FA2883E015
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="M6.379 17.5H19c.276 0 .5-.224.5-.5V5c0-.276-.224-.5-.5-.5H5c-.276 0-.5.224-.5.5v14.379l1.44-1.44.439-.439Zm-1.879 4-.033.033-.26.26-.353.353c-.315.315-.854.092-.854-.353V5c0-1.105.895-2 2-2h14c1.105 0 2 .895 2 2v12c0 1.105-.895 2-2 2H7l-2.5 2.5ZM12 6c.552 0 1 .448 1 1v4c0 .552-.448 1-1 1s-1-.448-1-1V7c0-.552.448-1 1-1Zm0 9.75c.69 0 1.25-.56 1.25-1.25s-.56-1.25-1.25-1.25-1.25.56-1.25 1.25.56 1.25 1.25 1.25Z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 337

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):252762
                                                                                                                                                                                                                      Entropy (8bit):7.998574073517285
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:6144:97cxvhIpKA6FA3iIBysAQJNdw5PmuLQj9WS6u2MX:97cxZIpj66SIBysAQDdw4awv
                                                                                                                                                                                                                      MD5:D442EF17CE73023306FE98AD72C80AA2
                                                                                                                                                                                                                      SHA1:FC7BAFF30EB21D17A999105BB5ED99A570E7A944
                                                                                                                                                                                                                      SHA-256:73BE2999FFAC3D8740D483276F4527FC3A55FDAABEAA298465D715A27C896AA7
                                                                                                                                                                                                                      SHA-512:2EA168BF3C620F9A4EED102FBE516D9C163789CE4BAF24FADAF1A9C57C2BC4DC9983922BCE36E581C654D60D664C9F8E2C04BA1B6CB0E3803A6E1FD467FF6F40
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.ySJCljePUk4.L.B1.O/am=AAAECQ/d=0/br=1/rs=AGKMywHy908boUKnG7d6H87wr_xchxCvaQ
                                                                                                                                                                                                                      Preview:...'...8.....GQ.... ..k`..8l......@...........w...@0......prvqus...........V../..-.(....+...1..;...v...F..(..$RC.e..=.|.l.d..7.o....K"Nk.hu.\.[.....\]>...U..a..D..EK."...t0A6.I.._.^._.V..T6..Yr*.P.@..9.......J.....s..@%...eM.6..}.u.x/3%...e.T. .!.d.....s.s..g.g.{..L$|..A|.$X.e.d..5.....s.d.J..~..l}..o..Z..$...}}../g.G|....&...3.......n.1.....2o.[.U.Xg..b.Srn.WD....C.....fz.Yrc......m...v,....b8.".2*...v....@..|...c.u.s.(.@..._$U...;U.u$..p,...Ff.{.^....v7.........,.....~......!.....1...U......;........c.....Kros%K....Dd...~...5E3S.c.o=.1.>d......$...Rs=.-?........Y.~...I.S..,.._...{...g...p.."..U.......`./..a-C.....^... C.........[".9D).......I.N:.Hl.[.`........._...A.L.M.3...)u..h5.d-.".C..>?.[.d.w.........-k.....d.B4!..4{p.Q.y.N..Y...%>.v.O._b..gXX....J2w.l.r./...d.F....h......H....aX..j..X.e.."z..W..t/...\.<...o.$;9o.eX..6..L........x.f..P.g....1....bh........2dB.~....C./..7..9.........Qm.V.qP..Qp..$...x.......E..[A.e.S%.....\:.....N.[.K....&.

                                                                                                                                                                                                                      Chrome Cache Entry: 338

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):996
                                                                                                                                                                                                                      Entropy (8bit):7.812724837877876
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:B6BeLRpBMItyQglr5jAyI2kpUb0C+h/YMeX:B/RjMr3jAz28gr
                                                                                                                                                                                                                      MD5:89E7B86B31B97C68AE5C854290DA14A1
                                                                                                                                                                                                                      SHA1:23E7179C4A53A2CE6EC47582CFE9FD9FD563DBA0
                                                                                                                                                                                                                      SHA-256:E59BA0CC804B95F6D56706AFA378215104CCD6F66AF60FE63C663B76E346962E
                                                                                                                                                                                                                      SHA-512:1083C34B65CCFCDDDD7DA1EF00ADA007DF2F6B82AB419FF531260FBAB6384A84825A04B19F4C2B75A8925A15C21E8B9E60A37CEBF5CD77799085EC72515DAC3B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.youtube.com/s/desktop/c7dc2eb1/cssbin/www-main-desktop-home-page-skeleton.css
                                                                                                                                                                                                                      Preview:.@.. .m...9$L3...g..#EVZl.......?..x"6v..s......@rkD.H.3k.....V.v....J....h5.;..5..8IX...K..G.|Y.C..<...T..iX>........H.....u4...f.? A...._..4.%$}......S&{V.V..BT.....b............xd..P.4.rB k.....z.cR)&.h....O...*GKS......'n..R..D......vv^.O.$.&.m.(.J..3..9.z.n.TP<B8.0M...,..S.y..Xt....=.y.7.=..).9z.c..}Y.....uG,k..n'.G..6y8\|....~.]..uWNy..s!2.r82.V.+.;..=..V/j.....~... ....0..tc-<...<J'..,.'...r....F....{..S.5..w...p..9.,....`.-;...WF.....M1.N.U#}..^K....:<..UY.....wj.kK..2....#>X.B...n$4......MX;..AJ...H...S.#.....c.....El.....S1.A.....?.d9~.M.H...V2..h.!.K...&.....a..7<.e.I..o.y.+.b.....P...Z..1...!B.u-...,...a.%`..B..8...^].av.#.B.v..s..o..0.)G..'$nQ......ln.t2R..,..Q..L.lT.[KHW..=....I..(.u.....OQ...(I.(.T..."%...,i ....n'{f..-5.ww.0.cGmI!..aU.+O."}....}.........G5)WZ?.......i..(Vy....).F.A............C#........l'....<......$......L.mI*.$..XU.....1.06.wh...R".....3...%|8.+.`OE0....... A.y...(..c.2e..i)....b.....{..wfm...[.

                                                                                                                                                                                                                      Chrome Cache Entry: 339

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (568)
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):2552055
                                                                                                                                                                                                                      Entropy (8bit):5.699671299834225
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:XcMVHoDU95qh8mZ7fWxDVdrNL3dQReNfS82cmEw9Vu:hSfWprNL3dTqrVu
                                                                                                                                                                                                                      MD5:7A776F8026802C84000C7309B37BA3BE
                                                                                                                                                                                                                      SHA1:71B979D9998CD309E8D5CB51246A6C77D6158D96
                                                                                                                                                                                                                      SHA-256:398E4E2EAE3BA783EAABAC00D2D141365CB4731C8B152F80C4D77EB9C7721F61
                                                                                                                                                                                                                      SHA-512:FB0ECE59C98211D3927CDB9E921B9FA51D503AAF02830686B5B6C074609A8F358247A8DFBFA3715C2F92836FA5FA5B4E8C7AC26F4F1E73E85C83453B4F1DC7BA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.youtube.com/s/player/74e4bb46/player_ias.vflset/en_US/base.js
                                                                                                                                                                                                                      Preview:var _yt_player={};(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC All Rights Reserved... Use of this source code is governed by an MIT-style license that can be. found in the LICENSE file at https://angular.dev/license.*/./*.. (The MIT License).. Copyright (C) 2014 by Vitaly Puzrin.. Permission is hereby granted, free of charge, to any person obtaining a copy. of this software and associated documentation files (the "Software"), to deal. in the Software without restriction, including without limitation the rights. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. copies of the Software, and to permit persons to whom the Software is. furnished to do so, subject to the following conditions:.. The above copyright notice and this permission notice shall be included in. all copies or substantial portions of the

                                                                                                                                                                                                                      Chrome Cache Entry: 340

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):274
                                                                                                                                                                                                                      Entropy (8bit):4.691767704613487
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohC/vmI4tSSJhpbtnRm31IE2l0kjMswple9SY:t4noU/vmRtXVtnRm31IEURwpY
                                                                                                                                                                                                                      MD5:940A3FA042BCA1DB7543B418E574CCA1
                                                                                                                                                                                                                      SHA1:AF122097171DD4140E913C6DA8D3501819368165
                                                                                                                                                                                                                      SHA-256:3EB4200488142D98914FD98981C1C3E6F7C600D3A8E249826B5D72721DD6EE22
                                                                                                                                                                                                                      SHA-512:33D87129671F2FE4AB2055C0CEF5DA1067D900EB73FAF18A430F5124DD7D2B84DEA0308FB60ADFB060EFDDB09E482894758B4180440D6522A3DA0B0AB429F5EB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M14.97 16.95 10 13.87V7h2v5.76l4.03 2.49-1.06 1.7zM12 3c-4.96 0-9 4.04-9 9s4.04 9 9 9 9-4.04 9-9-4.04-9-9-9m0-1c5.52 0 10 4.48 10 10s-4.48 10-10 10S2 17.52 2 12 6.48 2 12 2z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 341

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):976
                                                                                                                                                                                                                      Entropy (8bit):4.412211250674582
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:t4IlU/vHAD2iIX+Bhfq5gQ2sUmeMmBtWvqZ+2S1sIgx9uZVICmarodYigCi2ME:g/oDwCfq5gsUmuBYy21bO9OmMt4
                                                                                                                                                                                                                      MD5:82DE8D95C40E7570F31267A428AD0CC3
                                                                                                                                                                                                                      SHA1:860BDECB29C5014E1AAB59BE27856C92EC5E0285
                                                                                                                                                                                                                      SHA-256:057C6D519320B62A54FB59C5F8DDC04B6113ADF2A2D72BCC90715DBCDF915C5D
                                                                                                                                                                                                                      SHA-512:F4631B48998941C8943E91A9B0EF85DE69D761F967B4F75E2AD04BCB0469F250F27C65EA7C6D1135FF1A6EF534D035338020D763BA98010D2C6C0C55BABD68B5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="M11.58 2.03c.545-.078 1.1-.003 1.606.214.506.218.942.57 1.26 1.02.319.448.508.976.547 1.525.038.55-.075 1.099-.328 1.588-.252.489-.634.899-1.104 1.185-.254.154-.527.27-.81.343v.705l7.18 5.026c.267.187.383.527.284.84-.098.312-.388.524-.715.524H18v3c0 .552-.448 1-1 1h-2v3h-1v-1h-1v1h-1v-1h-1v1h-1v-1H9v1H8v-1H7v1H6v-7H4.5c-.327 0-.617-.212-.715-.524-.099-.313.017-.653.285-.84l7.18-5.026V7.25c0-.414.336-.75.75-.75.275 0 .545-.076.78-.219.235-.143.427-.348.553-.593.126-.244.183-.519.163-.793-.019-.275-.114-.539-.273-.763-.16-.225-.377-.4-.63-.51-.253-.109-.53-.146-.803-.107-.272.038-.53.151-.742.326-.213.174-.373.404-.464.664-.137.391-.564.597-.955.46-.391-.136-.598-.564-.461-.955.182-.52.503-.98.928-1.328.425-.35.939-.575 1.484-.652ZM15 15h1.5v2.5H15V15Zm2.12-1.5H6.88L12 9.915l5.12 3.585ZM7.5 15h6v4.5h-6V15Z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 342

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):1179
                                                                                                                                                                                                                      Entropy (8bit):4.304015964202653
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:t4IlU/vHBCVS6jl2WWRhXQdfPaUITVn1u9Ez9T/7Ec2whL+ly6hSvbME:g/sRtggVPFITV1ysb7kwh6lyR
                                                                                                                                                                                                                      MD5:748101DC1BA3C9CC64CBC2CA132461E8
                                                                                                                                                                                                                      SHA1:C71D34C48DF17EF4E9A00F14731B9B9A4903078E
                                                                                                                                                                                                                      SHA-256:A37D5BED6CD1B501FA08D6A5CE36FE9EEA9D23F429A65F2232B74C2F51A35AA8
                                                                                                                                                                                                                      SHA-512:C345F0141784D02D232BA3A5DD2E73E0188C4666EA19812334C3A0950BE22BEE8574E257E6FA35A91B71364C59D1E0DFB0979F5F5796B616F8CB80FFEBF1D066
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/question_circle_cairo/v2/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="M3.5 12c0 4.694 3.806 8.5 8.5 8.5s8.5-3.806 8.5-8.5-3.806-8.5-8.5-8.5S3.5 7.306 3.5 12ZM12 2C6.477 2 2 6.477 2 12s4.477 10 10 10 10-4.477 10-10S17.523 2 12 2Zm2.245 7.505v-.003l-.003-.045c-.004-.044-.012-.114-.03-.2-.034-.174-.103-.4-.234-.619-.234-.39-.734-.883-1.978-.883s-1.744.494-1.978.883c-.131.22-.2.445-.235.62-.017.085-.025.155-.029.2l-.003.044v.004c-.004.415-.34.749-.755.749-.417 0-.755-.338-.755-.755H9h-.755v-.022l.001-.036.008-.114c.008-.092.023-.218.053-.367.058-.294.177-.694.42-1.1.517-.86 1.517-1.616 3.273-1.616 1.756 0 2.756.756 3.272 1.617.244.405.363.805.421 1.1.03.148.046.274.053.366l.008.114v.036l.001.013v.008L15 9.5h.755c0 .799-.249 1.397-.676 1.847-.374.395-.853.634-1.202.808l-.04.02c-.398.2-.646.333-.82.516-.136.143-.262.358-.262.809 0 .417-.338.755-.755.755s-.755-.338-.755-.755c0-.799.249-1.397.676-1.847.374-.395.853-.634 1.202-.808l.

                                                                                                                                                                                                                      Chrome Cache Entry: 343

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):531
                                                                                                                                                                                                                      Entropy (8bit):4.517890434004929
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t4tM65EVlUbal0YClBze4gKCqRaMcmt+BOgyy9e5PhwWU:t4tMMbS0TBAMdc1QgcdrU
                                                                                                                                                                                                                      MD5:D8AB2A29ED285F79AF11A250D2536BC1
                                                                                                                                                                                                                      SHA1:B394B72270ECA95336C5780E1F97C0CAD051C0FF
                                                                                                                                                                                                                      SHA-256:AAAEF8F774A256E546C1178D91EBBA27FA0F7A7420D7E54DCC4F26D6DD7AB31A
                                                                                                                                                                                                                      SHA-512:3F376435B591FCB848D4D259A0DA5BAE15EB8583572C00C6E3041DDB64C1756E48A333EB6144042A45D23E2A45DB623CD78DB5467579051CA674F93C8964FCE2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M5.5 3C4.11929 3 3 4.11929 3 5.5V21.5C3 22.8807 4.11929 24 5.5 24H22.5L26.7474 28.5741C27.5513 29.4399 29 28.871 29 27.6895V24V5.5C29 4.11929 27.8807 3 26.5 3H5.5ZM8 10.5C8 9.67157 8.67157 9 9.5 9H22.5C23.3284 9 24 9.67157 24 10.5C24 11.3284 23.3284 12 22.5 12H9.5C8.67157 12 8 11.3284 8 10.5ZM8 16.5C8 15.6716 8.67157 15 9.5 15H18.5C19.3284 15 20 15.6716 20 16.5C20 17.3284 19.3284 18 18.5 18H9.5C8.67157 18 8 17.3284 8 16.5Z"></path></svg>.

                                                                                                                                                                                                                      Chrome Cache Entry: 344

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):190
                                                                                                                                                                                                                      Entropy (8bit):4.734767648393338
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHlbRvxXUjvuoVFMScupjUJEFNJFyOXV/:tI9mc4slhohC/vmVR5XUjvuoVFbpjUJc
                                                                                                                                                                                                                      MD5:117AB951A6D6204AC74B0A8A2DEBB839
                                                                                                                                                                                                                      SHA1:0EBD5BAB716E8A101783C60471EA52745CB8459F
                                                                                                                                                                                                                      SHA-256:988C2499EC07A895EA5B31AB308610995B4F4480142571A47FCD0FFA1A0EFA41
                                                                                                                                                                                                                      SHA-512:2CC4D015CE64DF7D8390ABF7BD7339B4DFA090E89C37135692C8652E59A46C4BBCD7A451C8B6E45F070A4C3F46935EA51B78F67DAC181B0C38CA1CBC62F000DD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_fill/arrow_up/v2/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><polygon points="20.21,11.79 12,3.59 3.79,11.79 5.21,13.21 11,7.41 11,20 13,20 13,7.41 18.79,13.21"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 345

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (57395)
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):58698
                                                                                                                                                                                                                      Entropy (8bit):5.690423722401627
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:j//Zvtep2SMb4dEr6SsLBIDHAJkZlaB81:TZl6NMUtcr7
                                                                                                                                                                                                                      MD5:C9D82794F2F794615CD84F796D77B903
                                                                                                                                                                                                                      SHA1:FC46CA54B8C651E0AC6621FE6F5B4E2D5CB3DDD1
                                                                                                                                                                                                                      SHA-256:C73BC8518073761652F76E4ABD3F24B99BFA191E842E8EA6DC25B3E10AA7B353
                                                                                                                                                                                                                      SHA-512:B0FC24CB764009CCC8960DA15E089F9E942C38B362CE09D093F204B10C67BCB52683681799CFE31F4C3C6AE5236E9092CCB99BF31892EC83BAF15EBBF8A01CF6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.google.com/js/th/xzvIUYBzdhZS925KvT8kuZv6GR6ELo6m3CWz4Qqns1M.js
                                                                                                                                                                                                                      Preview://# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function x(v){return v}var J=function(v,S,l,O,y,L,A,u,Z,e,n,H){for(n=(e=O,64);;)try{if(e==77)break;else if(e==S)e=K.console?19:v;else if(e==O)u=A,Z=K.trustedTypes,e=45;else if(e==24)n=47,u=Z.createPolicy(L,{createHTML:I,createScript:I,createScriptURL:I}),e=v;else if(e==19)K.console[y](H.message),e=v;else{if(e==83)return u;if(e==l)n=64,e=S;else{if(e==v)return n=64,u;e==45&&(e=Z&&Z.createPolicy?24:83)}}}catch(p){if(n==64)throw p;n==47&&(H=p,e=l)}},I=function(v){return x.call(this,v)},K=this||self;(0,eval)(function(v,S){return(S=J(56,57,23,48,"error","ad",null))&&v.eval(S.createScript("1"))===1?function(l){return S.createScript(l)}:function(l){return""+l}}(K)(Array(Math.random()*7824|0).join("\n")+['//# sourceMappingURL=data:application

                                                                                                                                                                                                                      Chrome Cache Entry: 346

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):631
                                                                                                                                                                                                                      Entropy (8bit):4.523426024540581
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t47N9U/vmRlNAz9Cf2+uFNxLjRJqpOyaIj24iexYNjbnME:t4jU/vwAz9C2NDx7MraCvC/ME
                                                                                                                                                                                                                      MD5:CF8624D2CB9D056B69F4240D26676F42
                                                                                                                                                                                                                      SHA1:B6D1C7111D039427E2605490C40992C47021E1C7
                                                                                                                                                                                                                      SHA-256:384FBC48B9DAAAAE43546C01BAAC0F19EAF764549ABC66FE69A9E9675A14D0A3
                                                                                                                                                                                                                      SHA-512:8500302D48ACDDAD24B051A44482305D92B349A054BF006E0FCA901DC55CC06DF826D28A39432ED7A92B7FB76E1D351945606DA87A0F0D3127E66D1CF2DDC90B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_fill/broadcast/v3/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="M13 13.72V22h-2v-8.28c-.6-.35-1-.98-1-1.72 0-1.1.9-2 2-2s2 .9 2 2c0 .74-.4 1.38-1 1.72zm-5.23 2.53 1.42-1.42C8.45 14.11 8 13.11 8 12c0-2.21 1.79-4 4-4s4 1.79 4 4c0 1.11-.45 2.11-1.18 2.83l1.42 1.42C17.33 15.16 18 13.66 18 12c0-3.31-2.69-6-6-6s-6 2.69-6 6c0 1.66.67 3.16 1.77 4.25zm-2.83 2.83 1.42-1.42C4.9 16.21 4 14.21 4 12c0-4.41 3.59-8 8-8s8 3.59 8 8c0 2.21-.9 4.21-2.35 5.66l1.42 1.42C20.88 17.27 22 14.77 22 12c0-5.52-4.48-10-10-10S2 6.48 2 12c0 2.77 1.12 5.27 2.94 7.08z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 347

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):181
                                                                                                                                                                                                                      Entropy (8bit):5.0971144323973805
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5hL6Fb0zVjXRH8+hHiATcvXjXRHRcBHeQR+Hmy7NdURsoDCb:tI9mc4slhLJ9hC/vm+Qqmy7NdcE
                                                                                                                                                                                                                      MD5:FE331A9DBB967C0CF9B8F9393194706D
                                                                                                                                                                                                                      SHA1:AD46D5C48638D094B7CB6065748F2F0DC13379D3
                                                                                                                                                                                                                      SHA-256:7BB86F0FED70C3026F3D41D1ED0ADC304A4EBA489901226658C65A9244A4E22A
                                                                                                                                                                                                                      SHA-512:E67196D4A808B2E82EBEFD6922A5822F9FC11C9F030B7E0C75D079A700339D1D0300B12DADEA7DFF9833BB27FCCFA1C4E026783091484FD6E6F7B1078251D057
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><g><path d="M14 3H5v18h1v-9h6.6l.4 2h7V5h-5.6L14 3z"/></g></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 348

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):403
                                                                                                                                                                                                                      Entropy (8bit):4.792474056413278
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t4IlU/vmwZQRQAqs2TQQY2QE2EQFvsTTaUqbME:t4IlU/vHKiTsu/Y1EcFvAa1ME
                                                                                                                                                                                                                      MD5:E6F1CFC9E5A8D476B2692E21FE34CEC7
                                                                                                                                                                                                                      SHA1:ECF80AD9373F568222390570550BB6FC4DF5898B
                                                                                                                                                                                                                      SHA-256:D8C8CE823F228571EEFFEAAEE51965D494864C51E9EC83FE40AD8CD870300ACB
                                                                                                                                                                                                                      SHA-512:615C6DA72CACDCC0CB15E286F55204DED67AB7C8BA799F6BAA37AD1C9C4648448E582F4C71E4C30739B6677191A3D6177C603B5050944F9CBC2A381DFC81294A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="M4 4.5A1.5 1.5 0 015.5 3h13A1.5 1.5 0 0120 4.5H4Zm16.5 3h-17v11h17v-11ZM3.5 6A1.5 1.5 0 002 7.5v11A1.5 1.5 0 003.5 20h17a1.5 1.5 0 001.5-1.5v-11A1.5 1.5 0 0020.5 6h-17Zm7.257 4.454a.5.5 0 00-.757.43v4.233a.5.5 0 00.757.429L15 13l-4.243-2.546Z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 349

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1582
                                                                                                                                                                                                                      Entropy (8bit):5.274386902900125
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xieS8f:3qD+2+pUAew85zskA
                                                                                                                                                                                                                      MD5:7EAF4A21814A4AF6B8B7FCCF7F9FB906
                                                                                                                                                                                                                      SHA1:28FB72B0C36324955287D9F8C1B28A00C894D028
                                                                                                                                                                                                                      SHA-256:A7558B80672BF29E965699BDA138F84D914130C7E576C26957FB248592407699
                                                                                                                                                                                                                      SHA-512:189138945A4C5D3956328940CEB4C2476870C497337E0D05A56B028CB02E0D3064BEBBBFA0399159B2E1D24B9B4A153789288D37D21E04C2560718350EC608D9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

                                                                                                                                                                                                                      Chrome Cache Entry: 350

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):552
                                                                                                                                                                                                                      Entropy (8bit):4.4354471280851335
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t4tM65JA+KtIeDBmtMsZkvRP8x0iup0LELeyw5c+QU:t4tMMJALH8MsqJUtDoie+QU
                                                                                                                                                                                                                      MD5:A57A74B00971D94B2CCA706685A9FBF6
                                                                                                                                                                                                                      SHA1:8F24E8FAB4F92F58C23D451C3C8C6966C3A7B3E2
                                                                                                                                                                                                                      SHA-256:2C13665427EA079DB0437534FD5C3F43E144D4707F129267C56F0352FF582EC0
                                                                                                                                                                                                                      SHA-512:0A64ACB3697FBF5EC6A6D8DC46587E1A2A044F43D8DE0168F733B6276101F4A623D494E250D0C60A9E76C556ED288014530401A7C42F00F6CF5CBBE4AAD30748
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://www.gstatic.com/youtube/img/icons/web/youtube_fill/shorts-share/v2/32px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M17.7375 5.26556L28.6745 15.2624C29.1083 15.6589 29.1083 16.3422 28.6745 16.7387L17.7375 26.7356C17.0958 27.3222 16.0628 26.8669 16.0628 25.9975V21.6217C16.0628 21.6217 16.0627 21.6217 16.0626 21.6217C9.92564 21.6217 6.69114 23.9378 5.1615 25.5968C4.80726 25.981 3.97329 25.7343 4.00015 25.2125C4.22558 20.8321 5.86088 10.8892 16.0626 10.8892C16.0627 10.8892 16.0628 10.8892 16.0628 10.8892V6.00368C16.0628 5.13426 17.0958 4.67898 17.7375 5.26556Z"></path></svg>.

                                                                                                                                                                                                                      Chrome Cache Entry: 351

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):231
                                                                                                                                                                                                                      Entropy (8bit):5.077824311544019
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhLJ9hC/vmI4G93gkIk6wy7Ndc8:t47N9U/vmRk3gBnV
                                                                                                                                                                                                                      MD5:455D4C6D10C83A1C3F62725C71F25BB9
                                                                                                                                                                                                                      SHA1:61F339D3E56879E1B4680D7229BF8B88BE9CBC8D
                                                                                                                                                                                                                      SHA-256:7834ADC55F57ED2863E9F0BF3D4944458EDD13D85F3207F7FE8BA2B2BFFBA464
                                                                                                                                                                                                                      SHA-512:C0C7A0378A799AB3D867B4FD63D6133564E1BB35C797D59DA621B235A73C18D4B90E308731CD09A1731175212D75CF9CDA31DF539230048BA60108A1069E8673
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/flag/v6/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="m13.18 4 .24 1.2.16.8H19v7h-5.18l-.24-1.2-.16-.8H6V4h7.18M14 3H5v18h1v-9h6.6l.4 2h7V5h-5.6L14 3z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 352

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):995
                                                                                                                                                                                                                      Entropy (8bit):4.339530047314913
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:t4IlU/vHY+OKGCWfMljG+y1pV289PnPZylsOZ1oWmkjSwME:g//OoWfAe75PZylsk1pRmm
                                                                                                                                                                                                                      MD5:AE2709314D04579A1CCF78694D60F219
                                                                                                                                                                                                                      SHA1:45D6AEA7FE8DC63660D80C4DF7E06EAE9EF01EE1
                                                                                                                                                                                                                      SHA-256:18D0BB7A18523F5589184B17863CCD1E98884C950698C9734D7A9C815A1430CF
                                                                                                                                                                                                                      SHA-512:D50B1D6C6D5973579E0B6E2341F9D66F13B1D3ECD8285C1BB5122606D56EB267266002971BF7F8AC5158DBA9ED7FD341F7226CCF357EF730640B8351E935C6CC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/arrow_time_cairo/v2/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" height="24" viewBox="0 0 24 24" width="24"><path clip-rule="evenodd" d="M14.203 4.83c-1.74-.534-3.614-.418-5.274.327-1.354.608-2.49 1.6-3.273 2.843H8.25c.414 0 .75.336.75.75s-.336.75-.75.75H3V4.25c0-.414.336-.75.75-.75s.75.336.75.75v2.775c.935-1.41 2.254-2.536 3.815-3.236 1.992-.894 4.241-1.033 6.328-.392 2.088.641 3.87 2.02 5.017 3.878 1.146 1.858 1.578 4.07 1.215 6.223-.364 2.153-1.498 4.1-3.19 5.48-1.693 1.379-3.83 2.095-6.012 2.016-2.182-.08-4.26-.949-5.849-2.447-1.588-1.499-2.578-3.523-2.784-5.697-.039-.412.264-.778.676-.817.412-.04.778.263.818.675.171 1.812.996 3.499 2.32 4.748 1.323 1.248 3.055 1.973 4.874 2.04 1.818.065 3.598-.532 5.01-1.681 1.41-1.15 2.355-2.773 2.657-4.567.303-1.794-.056-3.637-1.012-5.186-.955-1.548-2.44-2.697-4.18-3.231ZM12.75 7.5c0-.414-.336-.75-.75-.75s-.75.336-.75.75v4.886l.314.224 3.5 2.5c.337.241.806.163 1.046-.174.241-.337.163-.806-.174-1.046l-3.186-2.276V7.5Z" fill-rule="evenodd"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 353

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):335
                                                                                                                                                                                                                      Entropy (8bit):4.848782964528927
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhohC/vmI4K+tlq2LwkzdO+iEuUDXpzBX6xjU5SWcYISJ2gLGpnQEVRp3:t4noU/vmRxxVzMHUFXMU5SWclS4AuQQv
                                                                                                                                                                                                                      MD5:9F4AFB8B5C116B8C96AD6A0BF69021DB
                                                                                                                                                                                                                      SHA1:DA12B34E4705D9875C8CC67EFE0058698E537A78
                                                                                                                                                                                                                      SHA-256:61B18613E4A65CB373AED90B59C16370DF577861FBA91C5029B2BFFE6E14EAEB
                                                                                                                                                                                                                      SHA-512:3839B172D4A4C0A1D07829DF590C8B3F780DCED47C3C17C79B2B07E71DA35CAED39338E4FDF5A7D6A38C327DB481CD7C41BC601EABB9E01F6FED5D02BE083FE2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M18 5V2H6v3H3v6l3.23 1.61c.7 2.5 2.97 4.34 5.69 4.38L8 19v3h8v-3l-3.92-2.01c2.72-.04 4.99-1.88 5.69-4.38L21 11V5h-3zM6 11.38l-2-1V6h2v5.38zM15 21H9v-1.39l3-1.54 3 1.54V21zm2-10c0 2.76-2.24 5-5 5s-5-2.24-5-5V3h10v8zm3-.62-2 1V6h2v4.38z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 354

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):241
                                                                                                                                                                                                                      Entropy (8bit):5.137838894912298
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:tI9mc4slhLJ9hC/vmI4hNpDCbNBdANjcmgTLMAqY:t47N9U/vmRhNpCsYNLzqY
                                                                                                                                                                                                                      MD5:2BEBB6EA2A23E97C81427106D9722D4E
                                                                                                                                                                                                                      SHA1:38DC371BFBF0DCA768A702E89ED00877F34621E7
                                                                                                                                                                                                                      SHA-256:4C4B6AEA58201D13608EEB52B960E052E9C7D677B7281CAF0E6B713A3E2F223B
                                                                                                                                                                                                                      SHA-512:F4BE381ECF6616EB82FC4B139BC67E6EEE70B1B71581150FF4E69E09E0B6EDA8729536413CDAAB38642F0616944089F96A3DA8369B56870D1118E91B67C2FEC9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><path d="M3 3.03V21h14l4-4V3.03H3zM6 6h12v2H6V6zm7 9v-2h5v2h-5zm0-3v-2h5v2h-5zm-1 6H6v-8h6v8zm4-2h3.99L16 19.99V16z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 355

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):151
                                                                                                                                                                                                                      Entropy (8bit):5.020176826819927
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tIsqDmJS4RKb5sAR+hHiATcvXjXRHRcBHoNcHqJtxTcR+NkzlFWttxci:tI9mc4slhohC/vmI4ItxTcM6D0Ci
                                                                                                                                                                                                                      MD5:ABCB07D23B020A9464DD70FA10C0D9D3
                                                                                                                                                                                                                      SHA1:38EC787E83181D5907C71676C2C4A21EF4D5B72D
                                                                                                                                                                                                                      SHA-256:D721B8669114FBCDA49F612047DC68869FD406A82AC9BAA420ECF35FFEB05C2E
                                                                                                                                                                                                                      SHA-512:5218BB6A31E50DA5F42ADD673562C03B970C77FC85E9037ECB85ED9B005015EB754017B27351F04DA7622FBE2EED0CC4CCCF82CF73F6EFAD6C1665789AFD9E51
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      URL:https://fonts.gstatic.com/s/i/youtube_outline/copy/v2/24px.svg
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M19 6v15H8V6h11m-4-4H4v16h1V3h10V2zm5 3H7v17h13V5z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 356

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):648
                                                                                                                                                                                                                      Entropy (8bit):4.380679704687561
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:t4noU/vmRfhAZY75jQOglOfYcgUKa1rTdnSbzUMoElCInaGLKphWXpVn1:t4oU/vCOa75cOglOfWUzddnSXkUaGLYS
                                                                                                                                                                                                                      MD5:3DFBA54305D790EEE8D1ED17694E3796
                                                                                                                                                                                                                      SHA1:8D0B1DDEE9A50BA3AAA040F11859C2543325C97F
                                                                                                                                                                                                                      SHA-256:BDBC7B228AFDC12B4290348DEE94F07413262E4EAC967AB91946823E45710748
                                                                                                                                                                                                                      SHA-512:0FDBB45059C9036353594B3D4F5CEDC908AA5FB332B594D66C654821BFF09E50C739E274B744CFCD5F91ACF2B39D190E2B32EC84697EA9F04FB6A2720F9E7291
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="m3.15 3.85 4.17 4.17L6.16 9H3v6h3.16L12 19.93v-7.22l2.45 2.45c-.15.07-.3.13-.45.18v1.04c.43-.1.83-.27 1.2-.48l1.81 1.81c-.88.62-1.9 1.04-3.01 1.2v1.01c1.39-.17 2.66-.71 3.73-1.49l2.42 2.42.71-.71-17-17-.71.71zM11 11.71v6.07L6.52 14H4v-4h2.52l1.5-1.27L11 11.71zm-.67-4.92-.71-.71L12 4.07v4.39l-1-1V6.22l-.67.57zM14 8.66V7.62c2 .46 3.5 2.24 3.5 4.38 0 .58-.13 1.13-.33 1.64l-.79-.79c.07-.27.12-.55.12-.85 0-1.58-1.06-2.9-2.5-3.34zm0-3.58V4.07c3.95.49 7 3.85 7 7.93 0 1.56-.46 3.01-1.23 4.24l-.73-.73c.61-1.03.96-2.23.96-3.51 0-3.52-2.61-6.43-6-6.92z"/></svg>

                                                                                                                                                                                                                      Chrome Cache Entry: 357

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                      Size (bytes):976
                                                                                                                                                                                                                      Entropy (8bit):4.412211250674582
                                                                                                                                                                                                                      Encrypted:fal