Play interactive tour

Edit tour

Analysis Report https://hereforyoushop.com/

Overview

General Information

Sample URL:	https://hereforyoushop.com/
Analysis ID:	321429
Most interesting Screenshot:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Phishing site detected (based on logo template match)

Form action URLs do not match main URL

Found iframes

Classification

Startup

System is w10x64

chrome.exe (PID: 5296 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://hereforyoushop.com/' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 5768 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,3476142158133594979,17999344869319396226,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Phishing site detected (based on logo template match)

Show sources

Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1

Matcher: Template: office matched

Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook
Source: https://hereforyoushop.com/products/self-love-heart-necklace	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook
Source: https://hereforyoushop.com/products/self-love-heart-necklace	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: Form action: https://www.facebook.com/tr/ hereforyoushop facebook

Source: https://hereforyoushop.com/pages/contact-us	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcCR2cUAAAAANS1Gpq_mDIJ2pQuJphsSQaUEuc9&co=aHR0cHM6Ly9oZXJlZm9yeW91c2hvcC5jb206NDQz&hl=en&v=UFwvoDBMjc8LiYc1DKXiAomK&size=invisible&cb=pd8payfmmhya
Source: https://hereforyoushop.com/pages/contact-us	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcCR2cUAAAAANS1Gpq_mDIJ2pQuJphsSQaUEuc9&co=aHR0cHM6Ly9oZXJlZm9yeW91c2hvcC5jb206NDQz&hl=en&v=UFwvoDBMjc8LiYc1DKXiAomK&size=invisible&cb=pd8payfmmhya

Source: https://hereforyoushop.com/cart	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/cart	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/#MainContent	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/#MainContent	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/pages/contact-us	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/pages/contact-us	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/#	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/#	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/self-love-heart-necklace	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/self-love-heart-necklace	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/collections/brooches	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/collections/brooches	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/collections/all	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/collections/all	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="author".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="author".. found

Source: https://hereforyoushop.com/cart	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/cart	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/#MainContent	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/#MainContent	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/pages/contact-us	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/pages/contact-us	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/#	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/#	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-crewneck	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/self-love-heart-necklace	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/self-love-heart-necklace	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/self-love-t-shirt-bundle	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/collections/brooches	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/collections/brooches	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/collections/all	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/collections/all	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/mental-health-matters-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/kindness-is-cool-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="copyright".. found
Source: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1	HTTP Parser: No <meta name="copyright".. found

Source: 6872ce7adcf25f4b_0.0.dr	String found in binary or memory: *O,9-iframe[src^="https://www.youtube.com/embed/"] equals www.youtube.com (Youtube)
Source: Current Session.0.dr	String found in binary or memory: X(https://www.facebook.com/tr/ [id ev ] #0 equals www.facebook.com (Facebook)
Source: Current Session.0.dr	String found in binary or memory: https://www.facebook.com/tr/ equals www.facebook.com (Facebook)
Source: 6872ce7adcf25f4b_0.0.dr	String found in binary or memory: iframe[src^="https://www.youtube.com/embed/"] equals www.youtube.com (Youtube)
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111462515444","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111462520284","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111462661645","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13253111462661647","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://r3---sn-4g5e6ns6.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111470824289","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111475795303","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111477603026","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.recaptcha.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111478352367","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111469511544","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":27347},"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111478469172","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":25714},"server":"https://www.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111462893476","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":24497},"server":"https://fonts.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111478476728","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":24151},"server":"https://fonts.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111515663258","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://content-autofill.googleapis.com","supports_spdy":true},{"isolation":[],"server":"http

Source: unknown

DNS traffic detected: queries for: hereforyoushop.com

Source: Current Session.0.dr	String found in binary or memory: http://cdn.shopify.com/s/files/1/0481/0922/4087/products/Black_4b15b1fe-ed1a-498d-a7c8-c86165023f02_
Source: Current Session.0.dr	String found in binary or memory: http://cdn.shopify.com/s/files/1/0481/0922/4087/products/Untitleddesign_0e21b5cd-5461-4ad6-a3b1-75f1
Source: Current Session.0.dr	String found in binary or memory: http://cdn.shopify.com/s/files/1/0481/0922/4087/products/Untitleddesigncopy3_e8ecceeb-7a07-41ba-91d0
Source: Current Session.0.dr	String found in binary or memory: http://cdn.shopify.com/s/files/1/0481/0922/4087/products/product-image-1379185385_1200x1200.jpg?v=15
Source: Current Session.0.dr	String found in binary or memory: http://cdn.shopify.com/s/files/1/0481/0922/4087/products/product-image-1379185388_1200x1200.jpg?v=15
Source: Current Session.0.dr	String found in binary or memory: http://cdn.shopify.com/s/files/1/0481/0922/4087/products/product-image-1379185390_1200x1200.jpg?v=15
Source: Current Session.0.dr	String found in binary or memory: http://schema.org/InStock
Source: Current Session.0.dr	String found in binary or memory: http://schema.org/Offer
Source: Current Session.0.dr	String found in binary or memory: http://schema.org/Organization
Source: Current Session.0.dr	String found in binary or memory: http://schema.org/Product
Source: manifest.json0.0.dr, 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: manifest.json0.0.dr, 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://cdn.shopify.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://cdn.shopify.com/
Source: Current Session.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/products/Untitleddesigncopy3_e8ecceeb-7a07-41ba-91d
Source: Current Session.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/products/product-image-1379185390_1200x1200.jpg?v=1
Source: 1be31ae4a43afd1e_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/bootstrap.min.js?v=7372439028658456128
Source: 1be31ae4a43afd1e_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/bootstrap.min.js?v=7372439028658456128aD
Source: bba70edea388aead_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/jquery.currencies.min.js?v=1750577607720
Source: 86df87e775f96432_0.0.dr, 082a66eaa50bffde_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/jquery.js?v=8926416544707358891
Source: 082a66eaa50bffde_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/jquery.js?v=8926416544707358891aD
Source: 15e065da0daca7fd_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/lazysizes.js?v=6844146596460774066
Source: 15e065da0daca7fd_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/lazysizes.js?v=6844146596460774066aD
Source: 814f1d3aefbc13c7_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/readmore.min.js?v=11994212879037969866
Source: 814f1d3aefbc13c7_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/readmore.min.js?v=11994212879037969866aD
Source: 1280eaf7baf34351_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/theme.js?v=7548532355862316605
Source: 1280eaf7baf34351_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/theme.js?v=7548532355862316605aD
Source: c158b458b7cee6a4_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/vendor.js?v=10210318190529598248
Source: b0beb027e8e5de96_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/vendor.js?v=10210318190529598248a
Source: b0beb027e8e5de96_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/vendor.js?v=10210318190529598248aD
Source: 5c5bd7a64ba48473_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/javascripts/currencies.js
Source: 5c5bd7a64ba48473_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/javascripts/currencies.jsaD
Source: 589454532e0beb88_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/trekkie.storefront.3bc22f7b201bea3154c99666f2373bcf9a3e8fb1.min.js
Source: 5e69cf08ea327492_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/trekkie.storefront.3bc22f7b201bea3154c99666f2373bcf9a3e8fb1.min.jsa
Source: 5e69cf08ea327492_0.0.dr	String found in binary or memory: https://cdn.shopify.com/s/trekkie.storefront.3bc22f7b201bea3154c99666f2373bcf9a3e8fb1.min.jsaD
Source: 5d760ce477ab20fb_0.0.dr	String found in binary or memory: https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Source: b6e0bfd2dc8319e1_0.0.dr	String found in binary or memory: https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js
Source: efbb20c56b919bd6_0.0.dr	String found in binary or memory: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-68ba3f1321f00bf07cb78a03841
Source: 1437dc07a563bc7f_0.0.dr	String found in binary or memory: https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8
Source: 6872ce7adcf25f4b_0.0.dr	String found in binary or memory: https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-24ff1222c9aa13bb217653c0
Source: e7bec4ed4587ef3d_0.0.dr	String found in binary or memory: https://cdn.shopify.com/shopifycloud/storefront-recaptcha-v3/v0.1/index.js
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://connect.facebook.net
Source: 2eaa7ed6113c80dc_0.0.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: 998808883a4f4580_0.0.dr	String found in binary or memory: https://connect.facebook.net/signals/config/713019789423044?v=2.9.29&r=stable
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: 70747a5c451cd1e1_0.0.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://ct.pinterest.com
Source: 757b8612-66df-44d6-bb36-9c409cb178c4.tmp.1.dr, 17ac53e6-8fee-4d6e-8ab0-c4ee83ce8b99.tmp.1.dr, 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: cbbf2764fba56c85_0.0.dr	String found in binary or memory: https://google.com/
Source: e1b5eda50cde505d_0.0.dr	String found in binary or memory: https://google.com/db
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: 000003.log3.0.dr, Current Session.0.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://hereforyoushop.com
Source: 000003.log3.0.dr	String found in binary or memory: https://hereforyoushop.com(_https://hereforyoushop.com
Source: 000003.log0.0.dr	String found in binary or memory: https://hereforyoushop.com/
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/#
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/#E
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/#Here
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/#MainContent
Source: History Provider Cache.0.dr	String found in binary or memory: https://hereforyoushop.com/#MainContent2
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/#MainContentHere
Source: 5d760ce477ab20fb_0.0.dr	String found in binary or memory: https://hereforyoushop.com/(
Source: 0b236b7f5bf72364_0.0.dr	String found in binary or memory: https://hereforyoushop.com/)
Source: 998808883a4f4580_0.0.dr	String found in binary or memory: https://hereforyoushop.com/-Q
Source: 2eaa7ed6113c80dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/.
Source: History Provider Cache.0.dr	String found in binary or memory: https://hereforyoushop.com/2
Source: 86df87e775f96432_0.0.dr	String found in binary or memory: https://hereforyoushop.com/57
Source: 2eaa7ed6113c80dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/7
Source: 6ed4a4600e77f5dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/;
Source: 1be31ae4a43afd1e_0.0.dr	String found in binary or memory: https://hereforyoushop.com/D
Source: 6ed4a4600e77f5dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/F
Source: 6ed4a4600e77f5dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/G
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/Here
Source: 2eaa7ed6113c80dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/L
Source: efbb20c56b919bd6_0.0.dr	String found in binary or memory: https://hereforyoushop.com/Lq
Source: 6ed4a4600e77f5dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/N
Source: 998808883a4f4580_0.0.dr	String found in binary or memory: https://hereforyoushop.com/Qf
Source: b6e0bfd2dc8319e1_0.0.dr	String found in binary or memory: https://hereforyoushop.com/T
Source: 0e0db2eb3425f0d0_0.0.dr	String found in binary or memory: https://hereforyoushop.com/T%
Source: 2eaa7ed6113c80dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/W#
Source: b6e0bfd2dc8319e1_0.0.dr	String found in binary or memory: https://hereforyoushop.com/Y
Source: b6e0bfd2dc8319e1_0.0.dr	String found in binary or memory: https://hereforyoushop.com/_
Source: b6e0bfd2dc8319e1_0.0.dr	String found in binary or memory: https://hereforyoushop.com/_2
Source: 5d760ce477ab20fb_0.0.dr	String found in binary or memory: https://hereforyoushop.com/b
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/cart
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/cart/add
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/cartYour
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/all
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/allProducts
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/brooches
Source: History.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/broochesBrooches
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/frontpage
Source: History.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/frontpageHome
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/t-shirts
Source: History.0.dr	String found in binary or memory: https://hereforyoushop.com/collections/t-shirtsT-Shirts
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/contact#contact_form
Source: 0e0db2eb3425f0d0_0.0.dr	String found in binary or memory: https://hereforyoushop.com/f
Source: b6e0bfd2dc8319e1_0.0.dr	String found in binary or memory: https://hereforyoushop.com/h
Source: 6ed4a4600e77f5dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/i
Source: 6ed4a4600e77f5dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/j
Source: 998808883a4f4580_0.0.dr	String found in binary or memory: https://hereforyoushop.com/l
Source: 6872ce7adcf25f4b_0.0.dr	String found in binary or memory: https://hereforyoushop.com/m
Source: 2eaa7ed6113c80dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/n
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/pages/contact-us
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/pages/contact-usContact
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets0Elegant
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/elegant-self-love-heart-braceletsElegant
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet1Infinite
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet67p
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/infinite-self-love-luxury-braceletInfinite
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1%IT
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1IT
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/kindness-is-cool-crewneck
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/kindness-is-cool-crewneck(KINDNESS
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/kindness-is-cool-crewneckKINDNESS
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/kindness-is-cool-t-shirt
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/kindness-is-cool-t-shirt2
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/kindness-is-cool-t-shirt2KINDNESS
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/kindness-is-cool-t-shirtKINDNESS
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/mental-health-matters-t-shirt
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/mental-health-matters-t-shirtMENTAL
Source: Current Session.0.dr, History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1.MENTAL
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1MENTAL
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/self-love-heart-necklace
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/self-love-heart-necklaceSelf
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/self-love-t-shirt-bundle
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/self-love-t-shirt-bundleE
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/self-love-t-shirt-bundleSELF
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt2SOCIETY
Source: History.0.dr	String found in binary or memory: https://hereforyoushop.com/products/society-harms-mental-health-t-shirtSOCIETY
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/society-harms-mental-health-t-shirtq
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin-Thick
Source: History-journal.0.dr	String found in binary or memory: https://hereforyoushop.com/products/thick-thighs-thin-patience-pinThick
Source: 5d760ce477ab20fb_0.0.dr	String found in binary or memory: https://hereforyoushop.com/q
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.com/search
Source: 5d760ce477ab20fb_0.0.dr	String found in binary or memory: https://hereforyoushop.com/y
Source: 2eaa7ed6113c80dc_0.0.dr	String found in binary or memory: https://hereforyoushop.com/y.a
Source: b6e0bfd2dc8319e1_0.0.dr	String found in binary or memory: https://hereforyoushop.com/~
Source: Current Session.0.dr	String found in binary or memory: https://hereforyoushop.comh
Source: 5e69cf08ea327492_0.0.dr	String found in binary or memory: https://monorail-edge-ca.shopifycloud.com/unstable/produce_batch
Source: 5e69cf08ea327492_0.0.dr	String found in binary or memory: https://monorail-edge-staging.shopifycloud.com/unstable/produce_batch
Source: Reporting and NEL.1.dr	String found in binary or memory: https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://monorail-edge.shopifysvc.com
Source: 5e69cf08ea327492_0.0.dr	String found in binary or memory: https://monorail-edge.shopifysvc.com/unstable/produce_batch
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://r3---sn-4g5e6ns6.gvt1.com
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: ca932e2c-23e4-4714-8052-8216e9707af2.tmp.1.dr, e8c5a264-bfca-475a-afbc-dff302b8b0e0.tmp.1.dr, ee657c71-c661-484c-b8cc-e30444e4dfba.tmp.1.dr, 4d628761-e60a-473a-a9ad-b64a07be6e03.tmp.1.dr, 0faed520-790d-49e2-a751-22a3606aef22.tmp.1.dr, adb15d0b-a6f8-4999-acb0-f2aca8aee801.tmp.1.dr	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://s.pinimg.com
Source: 0b236b7f5bf72364_0.0.dr	String found in binary or memory: https://s.pinimg.com/ct/core.js
Source: 0b236b7f5bf72364_0.0.dr	String found in binary or memory: https://s.pinimg.com/ct/core.jsaD
Source: 0b236b7f5bf72364_0.0.dr, 70747a5c451cd1e1_0.0.dr	String found in binary or memory: https://s.pinimg.com/ct/lib/main.d71a97dd.js
Source: 70747a5c451cd1e1_0.0.dr	String found in binary or memory: https://s.pinimg.com/ct/lib/main.d71a97dd.jsa
Source: 70747a5c451cd1e1_0.0.dr	String found in binary or memory: https://s.pinimg.com/ct/lib/main.d71a97dd.jsaD
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 6ed4a4600e77f5dc_0.0.dr	String found in binary or memory: https://sellup.herokuapp.com/kartifyjs/kartify.js?shop=imhereforyouco.myshopify.com
Source: 0e0db2eb3425f0d0_0.0.dr	String found in binary or memory: https://sellup.herokuapp.com/upseller.js?shop=imhereforyouco.myshopify.com
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: Current Session.0.dr, manifest.json0.0.dr, 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: QuotaManager.0.dr, manifest.json.0.dr, 000003.log0.0.dr	String found in binary or memory: https://www.google.com/
Source: QuotaManager.0.dr	String found in binary or memory: https://www.google.com//
Source: e1b5eda50cde505d_0.0.dr	String found in binary or memory: https://www.google.com/js/bg/O67mjpEsjT-AT91MDd0pGc2bzg3wulEAhSoq1-VXop8.js
Source: Current Session.0.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcCR2cUAAAAANS1Gpq_mDIJ2pQuJphsSQaUEuc9&co=aHR0
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: Current Session.0.dr	String found in binary or memory: https://www.google.comh
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: cbbf2764fba56c85_0.0.dr, 617d53ca9fdcd6ce_0.0.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;
Source: 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	String found in binary or memory: https://www.recaptcha.net
Source: 6872ce7adcf25f4b_0.0.dr	String found in binary or memory: https://www.youtube.com/embed/

Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: classification engine

Classification label: sus21.phis.win@60/211@14/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5FBA50A1-14B0.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\cd8d86ae-d73b-4eb6-84fb-7aed6c1b2585.tmp

Jump to behavior

Source: QuotaManager.0.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://hereforyoushop.com/'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,3476142158133594979,17999344869319396226,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,3476142158133594979,17999344869319396226,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://hereforyoushop.com/	0%	Virustotal		Browse
https://hereforyoushop.com/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
prod.pinterest.global.map.fastly.net	0%	Virustotal	Browse
hereforyoushop.com	0%	Virustotal	Browse
www.recaptcha.net	0%	Virustotal	Browse
sellup.herokuapp.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://hereforyoushop.com/#E	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/elegant-self-love-heart-bracelets0Elegant	0%	Avira URL Cloud	safe
https://hereforyoushop.com/(	0%	Avira URL Cloud	safe
https://hereforyoushop.com/pages/contact-usContact	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/its-okay-soft-t-shirt-1IT	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/thick-thighs-thin-patience-pin-Thick	0%	Avira URL Cloud	safe
https://hereforyoushop.com/.	0%	Avira URL Cloud	safe
https://hereforyoushop.com/#MainContent2	0%	Avira URL Cloud	safe
https://hereforyoushop.com/)	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1MENTAL	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/elegant-self-love-heart-braceletsElegant	0%	Avira URL Cloud	safe
https://hereforyoushop.com/F	0%	Avira URL Cloud	safe
https://hereforyoushop.com/G	0%	Avira URL Cloud	safe
https://hereforyoushop.com/D	0%	Avira URL Cloud	safe
https://hereforyoushop.com(_https://hereforyoushop.com	0%	Avira URL Cloud	safe
https://hereforyoushop.com/N	0%	Avira URL Cloud	safe
https://hereforyoushop.com/L	0%	Avira URL Cloud	safe
https://hereforyoushop.com/#MainContentHere	0%	Avira URL Cloud	safe
https://hereforyoushop.com/collections/frontpage	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/kindness-is-cool-t-shirtKINDNESS	0%	Avira URL Cloud	safe
https://hereforyoushop.com/T%	0%	Avira URL Cloud	safe
https://hereforyoushop.com/7	0%	Avira URL Cloud	safe
https://hereforyoushop.com/collections/broochesBrooches	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/mental-health-matters-t-shirtMENTAL	0%	Avira URL Cloud	safe
https://hereforyoushop.com/2	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/kindness-is-cool-crewneckKINDNESS	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/society-harms-mental-health-t-shirtq	0%	Avira URL Cloud	safe
https://hereforyoushop.comh	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/its-okay-soft-t-shirt-1%IT	0%	Avira URL Cloud	safe
https://hereforyoushop.com/cartYour	0%	Avira URL Cloud	safe
https://hereforyoushop.com/;	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://hereforyoushop.com/contact#contact_form	0%	Avira URL Cloud	safe
https://hereforyoushop.com/h	0%	Avira URL Cloud	safe
https://hereforyoushop.com/b	0%	Avira URL Cloud	safe
https://hereforyoushop.com/m	0%	Avira URL Cloud	safe
https://hereforyoushop.com/i	0%	Avira URL Cloud	safe
https://hereforyoushop.com/j	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/society-harms-mental-health-t-shirtSOCIETY	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/self-love-t-shirt-bundleE	0%	Avira URL Cloud	safe
https://hereforyoushop.com/Qf	0%	Avira URL Cloud	safe
https://hereforyoushop.com/T	0%	Avira URL Cloud	safe
https://hereforyoushop.com/_	0%	Avira URL Cloud	safe
https://hereforyoushop.com/collections/t-shirts	0%	Avira URL Cloud	safe
https://hereforyoushop.com/Y	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/kindness-is-cool-crewneck(KINDNESS	0%	Avira URL Cloud	safe
https://monorail-edge.shopifysvc.com	0%	Avira URL Cloud	safe
https://hereforyoushop.com/products/society-harms-mental-health-t-shirt2SOCIETY	0%	Avira URL Cloud	safe
https://hereforyoushop.com/q	0%	Avira URL Cloud	safe
https://hereforyoushop.com/~	0%	Avira URL Cloud	safe
https://hereforyoushop.com/collections/allProducts	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
star-mini.c10r.facebook.com	185.60.216.35	true	false		high
scontent.xx.fbcdn.net	185.60.216.19	true	false		high
prod.pinterest.global.map.fastly.net	151.101.0.84	true	false	0%, Virustotal, Browse	unknown
hereforyoushop.com	23.227.38.65	true	false	0%, Virustotal, Browse	unknown
www.recaptcha.net	142.250.74.195	true	false	0%, Virustotal, Browse	unknown
monorail-production-web-apps-a-us-east1-2.shopifycloud.com	35.185.69.233	true	false		high
sellup.herokuapp.com	52.72.160.125	true	false	0%, Virustotal, Browse	unknown
googlehosted.l.googleusercontent.com	172.217.16.193	true	false		high
tls13.shopify.map.fastly.net	151.101.1.12	true	false		unknown
clients2.googleusercontent.com	unknown	unknown	false		high
www.facebook.com	unknown	unknown	false		high
monorail-edge.shopifysvc.com	unknown	unknown	false		unknown
s.pinimg.com	unknown	unknown	false		high
cdn.shopify.com	unknown	unknown	false		high
connect.facebook.net	unknown	unknown	false		high
ct.pinterest.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://hereforyoushop.com/pages/contact-us	true	unknown
https://hereforyoushop.com/collections/all	true	unknown
https://hereforyoushop.com/#	true	unknown
https://hereforyoushop.com/products/mental-health-matters-t-shirt	true	unknown
https://hereforyoushop.com/#MainContent	true	unknown
https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	true	unknown
https://hereforyoushop.com/cart	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://hereforyoushop.com/#E	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/elegant-self-love-heart-bracelets0Elegant	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/(	5d760ce477ab20fb_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/pages/contact-usContact	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/its-okay-soft-t-shirt-1IT	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/thick-thighs-thin-patience-pin-Thick	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/s/javascripts/currencies.jsaD	5c5bd7a64ba48473_0.0.dr	false		high
https://hereforyoushop.com/products/kindness-is-cool-t-shirt	Current Session.0.dr	false		unknown
http://cdn.shopify.com/s/files/1/0481/0922/4087/products/product-image-1379185388_1200x1200.jpg?v=15	Current Session.0.dr	false		high
https://hereforyoushop.com/#	Current Session.0.dr	false		unknown
https://hereforyoushop.com/products/self-love-t-shirt-bundle	Current Session.0.dr	false		unknown
https://hereforyoushop.com/.	2eaa7ed6113c80dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/#MainContent2	History Provider Cache.0.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/embed/	6872ce7adcf25f4b_0.0.dr	false		high
http://cdn.shopify.com/s/files/1/0481/0922/4087/products/product-image-1379185390_1200x1200.jpg?v=15	Current Session.0.dr	false		high
https://cdn.shopify.com/s/files/1/0481/0922/4087/products/Untitleddesigncopy3_e8ecceeb-7a07-41ba-91d	Current Session.0.dr	false		high
https://hereforyoushop.com/)	0b236b7f5bf72364_0.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js	b6e0bfd2dc8319e1_0.0.dr	false		high
https://cdn.shopify.com/s/trekkie.storefront.3bc22f7b201bea3154c99666f2373bcf9a3e8fb1.min.js	589454532e0beb88_0.0.dr	false		high
https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1MENTAL	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://ct.pinterest.com	70747a5c451cd1e1_0.0.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	false		high
http://cdn.shopify.com/s/files/1/0481/0922/4087/products/Untitleddesign_0e21b5cd-5461-4ad6-a3b1-75f1	Current Session.0.dr	false		high
https://hereforyoushop.com/products/elegant-self-love-heart-braceletsElegant	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/F	6ed4a4600e77f5dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/G	6ed4a4600e77f5dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net/signals/config/713019789423044?v=2.9.29&r=stable	998808883a4f4580_0.0.dr	false		high
http://cdn.shopify.com/s/files/1/0481/0922/4087/products/Black_4b15b1fe-ed1a-498d-a7c8-c86165023f02_	Current Session.0.dr	false		high
https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/bootstrap.min.js?v=7372439028658456128	1be31ae4a43afd1e_0.0.dr	false		high
https://hereforyoushop.com/D	1be31ae4a43afd1e_0.0.dr	false	Avira URL Cloud: safe	unknown
https://s.pinimg.com	1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	false		high
https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/theme.js?v=7548532355862316605	1280eaf7baf34351_0.0.dr	false		high
https://hereforyoushop.com(_https://hereforyoushop.com	000003.log3.0.dr	false	Avira URL Cloud: safe	low
https://hereforyoushop.com/N	6ed4a4600e77f5dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://monorail-edge-ca.shopifycloud.com/unstable/produce_batch	5e69cf08ea327492_0.0.dr	false		high
https://connect.facebook.net/en_US/fbevents.js	2eaa7ed6113c80dc_0.0.dr	false		high
https://s.pinimg.com/ct/lib/main.d71a97dd.js	0b236b7f5bf72364_0.0.dr, 70747a5c451cd1e1_0.0.dr	false		high
https://hereforyoushop.com/collections/brooches	Current Session.0.dr	false		unknown
https://hereforyoushop.com/L	2eaa7ed6113c80dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/mental-health-matters-t-shirt	Current Session.0.dr	false		unknown
https://hereforyoushop.com/#MainContentHere	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/collections/frontpage	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/kindness-is-cool-t-shirtKINDNESS	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/T%	0e0db2eb3425f0d0_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/7	2eaa7ed6113c80dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/collections/broochesBrooches	History.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/mental-health-matters-t-shirtMENTAL	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/2	History Provider Cache.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/pages/contact-us	Current Session.0.dr	false		unknown
https://hereforyoushop.com/products/kindness-is-cool-crewneckKINDNESS	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/society-harms-mental-health-t-shirtq	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.comh	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/its-okay-soft-t-shirt-1%IT	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/cartYour	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/thick-thighs-thin-patience-pin	Current Session.0.dr	false		unknown
http://schema.org/Offer	Current Session.0.dr	false		high
https://hereforyoushop.com/;	6ed4a4600e77f5dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/f	0e0db2eb3425f0d0_0.0.dr	false		unknown
https://dns.google	757b8612-66df-44d6-bb36-9c409cb178c4.tmp.1.dr, 17ac53e6-8fee-4d6e-8ab0-c4ee83ce8b99.tmp.1.dr, 6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp.1.dr, 1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://hereforyoushop.com/contact#contact_form	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/shopifycloud/storefront-recaptcha-v3/v0.1/index.js	e7bec4ed4587ef3d_0.0.dr	false		high
https://hereforyoushop.com/h	b6e0bfd2dc8319e1_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/b	5d760ce477ab20fb_0.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/vendor.js?v=10210318190529598248a	b0beb027e8e5de96_0.0.dr	false		high
https://hereforyoushop.com/m	6872ce7adcf25f4b_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/n	2eaa7ed6113c80dc_0.0.dr	false		unknown
https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet	Current Session.0.dr	false		unknown
https://hereforyoushop.com/i	6ed4a4600e77f5dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://s.pinimg.com/ct/lib/main.d71a97dd.jsa	70747a5c451cd1e1_0.0.dr	false		high
https://hereforyoushop.com/j	6ed4a4600e77f5dc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/society-harms-mental-health-t-shirtSOCIETY	History.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/l	998808883a4f4580_0.0.dr	false		unknown
https://hereforyoushop.com/products/self-love-t-shirt-bundleE	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/lazysizes.js?v=6844146596460774066	15e065da0daca7fd_0.0.dr	false		high
https://hereforyoushop.com/Qf	998808883a4f4580_0.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/readmore.min.js?v=11994212879037969866aD	814f1d3aefbc13c7_0.0.dr	false		high
https://hereforyoushop.com/T	b6e0bfd2dc8319e1_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/_	b6e0bfd2dc8319e1_0.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/collections/t-shirts	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/Y	b6e0bfd2dc8319e1_0.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/readmore.min.js?v=11994212879037969866	814f1d3aefbc13c7_0.0.dr	false		high
https://s.pinimg.com/ct/core.jsaD	0b236b7f5bf72364_0.0.dr	false		high
https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js	5d760ce477ab20fb_0.0.dr	false		high
https://hereforyoushop.com/	000003.log0.0.dr	false		unknown
https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1	Current Session.0.dr, History-journal.0.dr	false		unknown
https://hereforyoushop.com/products/kindness-is-cool-crewneck(KINDNESS	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://monorail-edge.shopifysvc.com	1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/products/society-harms-mental-health-t-shirt2SOCIETY	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://hereforyoushop.com/q	5d760ce477ab20fb_0.0.dr	false	Avira URL Cloud: safe	unknown
http://schema.org/Organization	Current Session.0.dr	false		high
https://hereforyoushop.com/~	b6e0bfd2dc8319e1_0.0.dr	false	Avira URL Cloud: safe	unknown
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://hereforyoushop.com/y	5d760ce477ab20fb_0.0.dr	false		unknown
https://hereforyoushop.com/collections/allProducts	History-journal.0.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.0.84	unknown	United States	54113	FASTLYUS	false
142.250.74.195	unknown	United States	15169	GOOGLEUS	false
185.60.216.35	unknown	Ireland	32934	FACEBOOKUS	false
23.227.38.65	unknown	Canada	13335	CLOUDFLARENETUS	false
35.185.69.233	unknown	United States	15169	GOOGLEUS	false
185.60.216.19	unknown	Ireland	32934	FACEBOOKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.72.160.125	unknown	United States	14618	AMAZON-AESUS	false
172.217.16.193	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	321429
Start date:	22.11.2020
Start time:	03:50:10
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 39s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://hereforyoushop.com/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus21.phis.win@60/211@14/11
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://hereforyoushop.com/#MainContent Browse: https://hereforyoushop.com/collections/all Browse: https://hereforyoushop.com/pages/contact-us Browse: https://hereforyoushop.com/# Browse: https://hereforyoushop.com/cart Browse: https://hereforyoushop.com/products/its-okay-soft-t-shirt-1 Browse: https://hereforyoushop.com/products/mental-health-matters-t-shirt Browse: https://hereforyoushop.com/products/mental-health-therapist-t-shirt-1 Browse: https://hereforyoushop.com/products/self-love-heart-necklace Browse: https://hereforyoushop.com/products/self-love-t-shirt-bundle Browse: https://hereforyoushop.com/products/kindness-is-cool-crewneck Browse: https://hereforyoushop.com/products/kindness-is-cool-t-shirt Browse: https://hereforyoushop.com/products/infinite-self-love-luxury-bracelet Browse: https://hereforyoushop.com/products/elegant-self-love-heart-bracelets Browse: https://hereforyoushop.com/products/thick-thighs-thin-patience-pin Browse: https://hereforyoushop.com/products/society-harms-mental-health-t-shirt Browse: https://hereforyoushop.com/collections/frontpage Browse: https://hereforyoushop.com/collections/brooches Browse: https://hereforyoushop.com/collections/t-shirts
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 40.88.32.150, 13.88.21.125, 172.217.18.13, 172.217.16.142, 216.58.206.14, 216.58.212.163, 173.194.187.8, 173.194.182.74, 104.83.103.220, 172.217.18.106, 216.58.205.227, 172.217.23.138, 2.20.84.189, 216.58.208.42, 216.58.210.10, 216.58.212.138, 172.217.22.42, 172.217.22.106, 216.58.212.170, 142.250.74.202, 172.217.23.170, 172.217.22.74, 172.217.21.234, 216.58.205.234, 172.217.21.202, 172.217.18.10, 216.58.207.42, 172.217.18.99, 216.58.208.36, 2.20.84.85, 51.11.168.160, 205.185.216.42, 205.185.216.10, 172.217.16.131, 173.194.187.70, 20.54.26.129, 92.122.213.247, 92.122.213.194 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, r3---sn-4g5e6ns6.gvt1.com, e6449.dsca.akamaiedge.net, r1---sn-4g5e6nsk.gvt1.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus15.cloudapp.net, 2-01-37d2-0006.cdx.cedexis.net, clients2.google.com, redirector.gvt1.com, cdn.shopify.com-v3.edgekey.net, 2-01-37d2-0018.cdx.cedexis.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, update.googleapis.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, r1.sn-4g5e6nsk.gvt1.com, cds.d2s7q6s2.hwcdn.net, www.googleapis.com, r5.sn-4g5e6ns7.gvt1.com, ris.api.iris.microsoft.com, e11787.dscb.akamaiedge.net, s.pinimg.com.edgekey.net, blobcollector.events.data.trafficmanager.net, clients.l.google.com, r5---sn-4g5e6ns7.gvt1.com, skypedataprdcolwus15.cloudapp.net, r3.sn-4g5e6ns6.gvt1.com Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\Local\Google\Chrome\User Data\09346957-94a7-47c1-a770-d80cd6e09c95.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7513050246997923
Encrypted:	false
SSDEEP:	384:NrcTbJWI9S5lViY/aN/r8vrR3s7Z4HhoGwvrK1/7xMV1Rkr+jmeKUWB/f3IOVNHj:NO61Na1MQ0eLDF14XHOBKTRfhZ
MD5:	1C4E21675F4AACF683B060607E478135
SHA1:	240CD0D09E486B871428F0505E83D46720ABF822
SHA-256:	FCC2CB4CBC83EC13DE2528B4AD91AC249DC33AF53BC1C26DDE78D40FDD1094DE
SHA-512:	B9F5300B878FF92CF8579662314D8F9574083E06ACF15271F5A54E65EC1F05D64964E7C72C11AACEAD34422F46D7E3536E4F5EAC46CE8C33486D1D36B9FBE94A
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....)8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\33173c18-e430-4ba3-aee3-1c3590f5e8ee.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	162445
Entropy (8bit):	6.082731510765196
Encrypted:	false
SSDEEP:	3072:XNwA2NNCxQM9b0q+szv+tnMIWFcbXafIB0u1GOJmA3iuRp:9wrExQM9b7fD+ZMfaqfIlUOoSiuRp
MD5:	726488B7A1038249B91AF163BF31C542
SHA1:	C0E1CB304169B9D79267647DE66FC13484E13382
SHA-256:	B674CD11AE1B395C559DB55BD5181F0F19CB01AB64C85CEA0B9389B0AC32D0F2
SHA-512:	375ADC59698BEC89C81DEA2917B681767C34352D6E8B847AAC377E497FC9E6A68FE67480A82B79C96BA6B65A2B0E6FB17B364D21C4DAA6241B38B85327AD783E
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.606045860842726e+12,"network":1.606013463e+12,"ticks":97852156.0,"uncertainty":4675963.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016942467"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\4173a81b-e626-4522-8bd0-3ceb21e5690b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	162443
Entropy (8bit):	6.08273469265054
Encrypted:	false
SSDEEP:	3072:iJvA2NNCxQM9b0q+szv+tnMIWFcbXafIB0u1GOJmA3iuRp:MvrExQM9b7fD+ZMfaqfIlUOoSiuRp
MD5:	0C34C0DB76EEB15C47878040F20F8053
SHA1:	7986188E6EB9F573F6048A3BC5FE97CC04258736
SHA-256:	D7AB1C535030914E05B87397938D760C1BCCBC099DE9776656AEF3FB5B0B921D
SHA-512:	C5FF7ABD4133C516C4151F4194C070F514BCBE6C573E8FB64E698488676DF9445620E6FC703F99EFEA2D7BC42F18D03CCD3BA6EB742F1B0D9172EACD556DD635
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.606045860842726e+12,"network":1.606013463e+12,"ticks":97852156.0,"uncertainty":4675963.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\9e659086-4ba1-40b2-98ba-bbba067102cc.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.7514804964471145
Encrypted:	false
SSDEEP:	384:drcTbJWI9S5lViY/aN/r8vrR3s7Z4HhoGwvrK1/7xMV1Rkr+jmeJWB/f3IOVNHNL:9O61Na1IQ0eLDF14XHOBKTRfhf
MD5:	314BDCB829580D644767A19C0EFA7F56
SHA1:	127C774FE164FE5F76AE30AFD142DFD1BAFB1320
SHA-256:	D1FC39DB2DFA3BED731DA1A006B47DD9EE2B022A0B90CF030D87CE711FECF3AE
SHA-512:	D8AC49276546259AA35CA7907BB644A66368AB4150EB925899F3A1F81EB22095F9AC5D9007C25A9DE0F6FAFB3BC2CF75F4FB7F531531103F32A27E1D9F15E084
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....)8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Reputation:	low
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0c1bd892-f556-46ac-a4f9-44b8879cc80b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5681
Entropy (8bit):	5.17119417705896
Encrypted:	false
SSDEEP:	96:nEF7741qLIZVcVf2ok0JCKL8lkI1TbOTQVuwn:nE148LIZVcj4KGkIt
MD5:	191F575910C437E3B6790C1BFA75EC2D
SHA1:	1A539888B053037A71FFEB8F6BCDF978879006F0
SHA-256:	ABCEFC4F459070D63CBFD7E3BD98391137D8CC829D99EEE12EE896C18E0515B2
SHA-512:	C4CE23E4E81A90F35836EB015066E69877726315216514382366B5735589565D5C0BE0887013CE1D15A959555764837A54FB7964A1E0D71B86FFDE1A876995E7
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13250519458167089","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0c460c7f-aff8-4601-981e-c7a4bd0719c4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16763
Entropy (8bit):	5.578027930334932
Encrypted:	false
SSDEEP:	384:MuXtPLlIfXs1kXqKf/pUZNCgVLH2HfDGrUh32G4j:rLlGs1kXqKf/pUZNCgVLH2HfKrUhmG8
MD5:	9D4BA0C25441CB472322518837359C77
SHA1:	3F38B65DF86FED5AC9F3485C4DAA8D148C5993E7
SHA-256:	9D281A4D726E897610666D0FEB318FFDFF4CA200606AA425ABFAA030D8685A70
SHA-512:	9EBACD8F0F82BCBD0A3C6D5233A88B03AB575561BFD06CC0E95B2C678BEA950DE77E83D14EE155DDFFFA9EF7C41A57857ADDD5E90B05CD04E3BF28D7C8015E2E
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13250519457950146","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0faed520-790d-49e2-a751-22a3606aef22.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2123
Entropy (8bit):	5.59678001454961
Encrypted:	false
SSDEEP:	48:Y1bxiHdZiUbx6UUhSHEUbeNlHdHUtwUlKULqPeUer2UefWwUXUe1UbU:axMd4UMUUbUKzdHUOUlKUePeU9UETUX/
MD5:	6A7F136A6F96BDA606905436461B4494
SHA1:	89187DCBAF7CA374D70AB4C6626D6BA8377BFAF4
SHA-256:	AB836BF505B918B484CC0AB2AD31946FE194870BA3C1E13AAD191C46E50BDA25
SHA-512:	AB0F6BC8F99B02258A523D803831B16602299733BC6658506847BAB4F6C355E0155E6DD082441312041D2AFDAFB26718192D40F1B4110FCDAC7FC4F312762783
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[{"expect_ct_enforce":false,"expect_ct_expiry":1606650713.241248,"expect_ct_observed":1606045913.241248,"expect_ct_report_uri":"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct","host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","nik":[]}],"sts":[{"expiry":1637581912.585779,"host":"HFBiDP29QImD8tsB7lDVLwtFW1q+2JoXdNXZBg4nogg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045912.585783},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1637581912.55789,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045912.557894},{"expiry":1613935151.241239,"host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606045913.241243},{"expiry":1637581913.641235,"host":"WhnJUA5xp3SC0QTjQcML3oD

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\18690e3b-9832-460d-9fb1-750191027796.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5084
Entropy (8bit):	4.97644148959667
Encrypted:	false
SSDEEP:	48:YcQUkPklwHjGcnqA8RqTlYqlQuoTw0dPH3CH3O/s8C1Nfct/9BhUJo3KhmeSnplV:nEFqX4pcVfPok0JCKL8lkI1TbOTQVuwn
MD5:	3FF920A549EE5F7B8E6E4CC0E31C63E3
SHA1:	51EFE2775EFC654F57D7B66BAE3F4EDE93C4B9B1
SHA-256:	7CE2B733787024B5B1EB0EF2E930F899415370D5751EF67E791B58429BE259BB
SHA-512:	0B633D03EAB9CCD3751FFAE48E759B581CD618B1093FF590791AADCB609101E2F614F23A0468CB6F06C97B1398EF158EF16495C687E6132897249A073FE762C8
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13250519458167089","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1ab84fa4-49f7-4a37-91d3-e5b759f1d139.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1e3901d2-f71d-48ea-b200-c1a3da32e67b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	3653
Entropy (8bit):	4.871482035466789
Encrypted:	false
SSDEEP:	96:JOXGDHzaCH1KqFBtZGCG2GBGXjUtg6vs/PhH:JOXGDHzaCH1K8fZPd2SjUtg6vs/N
MD5:	D819FAF9FC77A85D34AE4CD1DFA57DCF
SHA1:	064BBCDFAEFBDEFC48B9823F479B0D6A8352F839
SHA-256:	9917E0507A9763515D9E62092AD7F30727CDB59F5E001B0008A494AC2C0FD79B
SHA-512:	0BE24D24341B485A0C4D85780DD8AE9CDBF5B43C65B7D735958A491320586221FED81BE081D7B2507CAD01E4241DA56C381E37C1E01F2C36D5611E7F779B74E1
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111462515444","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111462520284","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253111462661645","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13253111462661647","port":443,"protocol_str

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2698fdf9-620f-4232-9a94-8069a2018524.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5681
Entropy (8bit):	5.171199580677256
Encrypted:	false
SSDEEP:	96:nEF7741qLIZVcVfyok0JCKL8lkI1TbOTQVuwn:nE148LIZVc/4KGkIt
MD5:	9908288FFD1D4CF61FE154EF23A087B2
SHA1:	D25F1F70B3EF29551D10B14612E09254053AA646
SHA-256:	0342B468A8B261255DC726C37F3D782FF4E7547E857302AC5A3AD2C08EE3C813
SHA-512:	1B642FE7F730090EBA8559A46E810598F5EE37AE44FE634660A331655AAE7E585E91C8F7662E967903C0C23BFDE5B467E706E9B85CE229A64C4139A8A0091647
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13250519458167089","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3d497f96-2ef1-434f-af9a-3d1035d8583c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22614
Entropy (8bit):	5.535537151531151
Encrypted:	false
SSDEEP:	384:MuXtKLlIfXs1kXqKf/pUZNCgVLH2HfDGrUP/HGkcnTn3SbG48:uLlGs1kXqKf/pUZNCgVLH2HfKrUPvGk8
MD5:	BDE98FB0A10D8FA8DA72F63EA22A3952
SHA1:	FBF9EFDDAB27232DD5E1F99A31346656839EEDD5
SHA-256:	A017DB285359FC7D7455E17C0C4455430F76B67935AF8A2CF7BF4FF67896E0B2
SHA-512:	9FCC84C9F84907DA5431289D2F24CE6A413C58C84EF8E6424ED2E7367ADFAA4E2C1959B915753486C0A61E9574F7B0596AAE0022BC1AD085A69E2A918C5475DD
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13250519457950146","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4d628761-e60a-473a-a9ad-b64a07be6e03.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2125
Entropy (8bit):	5.595699844675122
Encrypted:	false
SSDEEP:	48:Y15iHdZGUw6UUhKbEU3HdHUEwUHMKULqPeUer2UefWwUXUetUq:gMdoU5UURUXdHUJUHMKUePeU9UETUXU6
MD5:	12D0E2ECA7C17476133E1531DF64DE3F
SHA1:	D45C6DD7C71E69FAC49F55869DAE23501F76BED4
SHA-256:	52CCDAE19D429B713D283962A9EFB406EC49E65116987BA2F339491AA3D8CFEA
SHA-512:	023726545EA46D934F164FE045CAF7F66B0EE30D5058F7B714156F4DFF4D631F43EB3B36A4B08D96AA4BE2DE36793C047C47743549688484CDB32221B9B93264
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[{"expect_ct_enforce":false,"expect_ct_expiry":1606650682.786878,"expect_ct_observed":1606045882.786878,"expect_ct_report_uri":"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct","host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","nik":[]}],"sts":[{"expiry":1637581881.797328,"host":"HFBiDP29QImD8tsB7lDVLwtFW1q+2JoXdNXZBg4nogg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045881.797333},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1637581882.083153,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045882.083157},{"expiry":1613935120.786764,"host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606045882.786869},{"expiry":1637581877.39354,"host":"WhnJUA5xp3SC0QTjQcML3oD

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5aa9662d-0e9c-4898-8b0d-ef2410363c53.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5682
Entropy (8bit):	5.171386894395572
Encrypted:	false
SSDEEP:	96:nEF7741qLIZVcVfzok0JCKL8lkI1TbOTQVuwn:nE148LIZVcQ4KGkIt
MD5:	4023721BD51F4523ADDC4625DDE571CB
SHA1:	12A28C4F25750AFB31524F4B5FC893B7DD883435
SHA-256:	D469703B6197B6700C5D9EDDB1D89E019D2D6286F265CCACAFAAEDBDC6AE030D
SHA-512:	D166C3E5D0BC935E8B06811A77F378CD1C4E7D5EDED502BA77434967563A69DD386F49FC0F9DF2CE64F6E9A20BB44E20D3C243877276439F7B16FAF14AB95262
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13250519458167089","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5ee27fd7-cadb-4629-94f1-883c083aa117.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	5708
Entropy (8bit):	5.17337922296654
Encrypted:	false
SSDEEP:	96:nEFCg741qLIZVcVf4ok0JCKL8lkI1TbOTQVuwn:nEga48LIZVch4KGkIt
MD5:	E465D3776F2977D39EAAC2822C7A4714
SHA1:	880946D0B40F6D1D5830585BA50D0866DEB6ED7C
SHA-256:	D4E77549909AF6F88DBFFD550CD4FD37E40B38DE918BC043F284310C67A426B0
SHA-512:	7F75A20146F4CDD5C261D1C740AFC4F5EE34FFBEDF253FC09AB8B4436DA0508C2075741B86286FCE2D6B69E90F59788F6296FF9B01C4555EF17256A84F1E3CD3
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13250519458167089","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6e9c2337-b513-4f32-8b28-57bd9c22adca.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\868e82a3-71ec-423c-b452-5e00385ef131.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22613
Entropy (8bit):	5.535498989554079
Encrypted:	false
SSDEEP:	384:MuXtKLlIfXs1kXqKf/pUZNCgVLH2HfDGrUP/HGhcnTn3BG4H:uLlGs1kXqKf/pUZNCgVLH2HfKrUPvGh6
MD5:	141BB82C05BE983BDF8D4EE79123ED94
SHA1:	04FDD47A09D6D512E1E4E4FC50EA230802D2E108
SHA-256:	61A82AC56E1F7394FB15A9259D30C3F2D58362E24E0D23BF79164AA9D0ADC6B0
SHA-512:	97BDBA7D3CA778A2F2F7BCB810D7D47545A1893AE890CA9F3BA734191A6E735554A631112E1E1A0107FB310EBD69FDBCAC5A8384FE422CF8B1BFB4D152586113
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13250519457950146","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.202600690058184
Encrypted:	false
SSDEEP:	6:vv39+q2PWXp+N23iKKdK9RXXTZIFUtwOOJZmwyO519VkwOWXp+N23iKKdK9RXX5d:X34va5Kk7XT2FUtwZJ/ys1D5f5Kk7XVJ
MD5:	E9414EFCAFEE39B9821B3E4980D8CC23
SHA1:	ACA24BA71096BF1C173A0AC63455F8915A5FA2E2
SHA-256:	FD0A32A84E6599DA8091DFD3C5A0AE053669EDE657AC16999C782875D120626A
SHA-512:	979862BD2024A021C0C08564B08E8D5329A2CCC46688CA907AAB927CFB20FB93445BC58907A86E0AA85C92A07E3C5A3F4CB0147788FEAE238541D39A43BF3D63
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:11.066 1368 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2020/11/22-03:51:11.072 1368 Recovering log #3.2020/11/22-03:51:11.075 1368 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.172119980306214
Encrypted:	false
SSDEEP:	6:vBq2PWXp+N23iKKdKyDZIFUtwOi7XZmwyO5BkwOWXp+N23iKKdKyJLJ:Jva5Kk02FUtwR7X/yy5f5KkWJ
MD5:	E9B4E468FB2D35F163693848280D4AC8
SHA1:	C2CCAAD00B40F6AD55416AD129C818D2DE8DC2D1
SHA-256:	F723EEB6D9058201B1DCC20A7F4511AF50F77F2E73C1B7FE0D41BED948BA093E
SHA-512:	36A4170A6EEE7BCB45AA261F36291B5F0E83C251303F657EB3066B14D6A86CBDF590FF875B045EA378E6DB8BFFF3E7AF1C083A914D09C6FBF5A871D7669FCF4B
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:11.064 1b04 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2020/11/22-03:51:11.066 1b04 Recovering log #3.2020/11/22-03:51:11.067 1b04 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\082a66eaa50bffde_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	96432
Entropy (8bit):	5.827882409296488
Encrypted:	false
SSDEEP:	1536:BABUjdOjwlWhx2YNeugCU3y3LTjfnAqCekFnw5O4H:oBmYQugCXDAqAFnw5OM
MD5:	3B4C2218416D9C118A60EB6C4FC4E3ED
SHA1:	5BCE0448E0EFB508737A9A0F492F6C3004AB97F1
SHA-256:	928E4920D99F3DF1A96E4892BDC24A8EEFFFEE9A2CDF9C9252751E67FE56BDE2
SHA-512:	4931739C00C4B0F1FE0F8AE3DA0DDBC5E057651C2476ADA9EFC8EC246F1B78893B5C7DE2B50568FBF6E9EFF105D50E366A44DFD66CA199DB4F46AF88CE07DB4A
Malicious:	false
Reputation:	low
Preview:	0\r..m......@....X.e....5984523077983483C1A471D01D8855390ADD027C680C9E7B2B30BDE1A2D2CA0F..............'..S....O!...Xw..b...................H#......................................................................................................,....................(S.H..`L.....L`.....(S.p.`......L`.....0Rc..................Qb........t...`....I`....Da....j.....Q.@Be.$....module....Qc.B{.....exports...Qc.U.....document.(S........5.a...............a..............a..........A....a............a...........Pc.........exportsa..../...I.....@.-....hP.......[...https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/jquery.js?v=8926416544707358891.a........D`....D`....D`.....Y....`....&...&..!.&....&.(S...I#..`FF.......L`.........Rct...........2.....Qb.j.....e.....Qb..6.....r......S...Qb2.......o......M...Qb........s.....R....Qb~l3C....l.....Qb......c.....Qb>.......f.....Qb&4.'....p.....Qb.C......d.....QbB;......h..........Qb........y.....Qb.`.....v.....Qb..S....m.....Qb...^....x.....Q

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b236b7f5bf72364_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2440
Entropy (8bit):	5.436247060048597
Encrypted:	false
SSDEEP:	48:TrSnhAfcdP+AOtVrnNt4MtdYDw/YZWhqCqX4OXszlbxOzRQw:chIcdP5OtVrnP4+mE0xIDBbi1
MD5:	737E0632FF5838F10AD01CA09B422EC9
SHA1:	75F66D7BE354B0743FE6FC6E06448834D86EC640
SHA-256:	7D812D89925B72D6B23B11CA8CCC9A3AC14638571B5B4BEEBEA81C4680AA1346
SHA-512:	93244B0F297DFA58AF61498990ACA726E0C4D037FBADB0BACB07EEA8EE8006A34BF6EA931464514257FA6C7B787385A30DBEF3B88C133582B1BA2FDDD9E2D56D
Malicious:	false
Reputation:	low
Preview:	0\r..m......@..........._keyhttps://s.pinimg.com/ct/core.js .https://hereforyoushop.com/){..F./...................r.J..6s.C.n&E..M.{..,8.I..8N..A..Eo.......[,d.........A..Eo..................){..F./...................'.v.....O....@...................................(S.D..`>.....L`.....(S...`.....LL`"....@Rc..................Qb.j.....e.....Qb..6.....r.....R..b$...........I`....Da.........(S...`......L`......Q.@.B{.....exports..$..a...........S.C..Qb~l3C....l...H..!....a...........Qb..7.....call......K`....D}8...............&.%.......&.%...&.(......&.}...&.%./...%.0...'....&.%.*..&.(...&.(...&.(...&...&.'..W.....-...(........,Rc................`....Da@...8.....a.....e......... P.........@....@.-....,P..........https://s.pinimg.com/ct/core.js.a........D`....D`H...D`.....<...`....&...&....&....&.(S.......Pb........u.d.a........I.....d....................&.(S.....Pb........u.r.a........I..a..d....................&.(S.......Pb........u.t.a............d................0@..I..d.....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0e0db2eb3425f0d0_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4780
Entropy (8bit):	5.459498308801399
Encrypted:	false
SSDEEP:	48:3XLzSzAdXLxphfdXLCEdXLaJvnGdXL520dXLjtWdXLAo1dXLokdXLlb1dXL+RdXO:3Bt71rsodGdHRpzSjgm+a7b5DSmk
MD5:	A8B66F5A3FDB88713FCA8AD2651B4C15
SHA1:	C2B32E57E59335E237CEEA75D39A378703370CA7
SHA-256:	60A82C6524100DE1963F00EE99B79D1FACFC9B6DA7B9FE3894587F9A467AEFCD
SHA-512:	04DCB75006A24749CA8C697305797FADB0CD488B9931AF073211363488CD13B912ECFE9FDC05A21EF348FE45131062B835EAC70746F51AC04855D9DC6582D142
Malicious:	false
Reputation:	low
Preview:	0\r..m......k...ZR......_keyhttps://sellup.herokuapp.com/upseller.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/....F./.............6........J..v.l.r.]?.<I..~v....Xd.e.FZE..A..Eo........~G.........A..Eo..................0\r..m......k...ZR......_keyhttps://sellup.herokuapp.com/upseller.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/.%$.F./.....................J..v.l.r.]?.<I..~v....Xd.e.FZE..A..Eo......&$;..........A..Eo..................0\r..m......k...ZR......_keyhttps://sellup.herokuapp.com/upseller.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/..c.F./.............F........J..v.l.r.]?.<I..~v....Xd.e.FZE..A..Eo.......hN].........A..Eo..................0\r..m......k...ZR......_keyhttps://sellup.herokuapp.com/upseller.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/.U..F./.....................J..v.l.r.]?.<I..~v....Xd.e.FZE..A..Eo.........l.........A..Eo..................0\r..m......k...ZR......_keyhttps://sellup.h

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1280eaf7baf34351_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	34195
Entropy (8bit):	5.576070291106189
Encrypted:	false
SSDEEP:	768:tPtaLEmLctzJiZE5ESGSJwjKijb4sDnhINQo3chAF:HaLEmEzJiy5E3zf4sDaNQoh
MD5:	3DB2CD230E45F7EF0B47E2056B274CD3
SHA1:	F5DE5436F839BA32ACE6AA97F2985145A01B7CCF
SHA-256:	5A1FED2B56FFF6AC6A5C6818F6D7A9D2DF50F6A24EB802D0222150D449E524E3
SHA-512:	8FA839CD6F1A6010D8A96C56A9ABE5ED6EDB44D51EBEEB771E3C5CE1FB433F062EF1FC0DF2B6435F15E12821C2E71B7F9539DD9A026183D8E96F4BE4B9D283F6
Malicious:	false
Reputation:	low
Preview:	0\r..m......{.....5....._keyhttps://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/theme.js?v=7548532355862316605 .https://hereforyoushop.com/.6..F./.....................5.\|..w..>..e.4.#Y..).. ..h0.R#.A..Eo......Y.S..........A..Eo................................'..b....O........[B....................................................X................(S.E...`@......L`.....<L`.....(S.....Ia........$Qg.-......onYouTubeIframeAPIReady.E.@.-....hP.......Z...https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/theme.js?v=7548532355862316605..a........D`....D`....D`.....I....` ...&...&.(S...Ia....e.....Qc..-.....SectionsE..A.d....................&.(S......5.a....).....Qc.x......theme......a....$.........a....#......3...a............a..........Qbf5.'...._......a............a..........Qc..&2....assignIn...a...........Qe*......._createInstance.a..........q8E.d....................&.(S........a....(.....a5...a....#.......a....".......a............a...........6...a............a......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1437dc07a563bc7f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	63092
Entropy (8bit):	5.564787067714812
Encrypted:	false
SSDEEP:	768:NqsaTlLGafdcxP1OEkbCA07yoXtuUEXu7kkhgav9cUwLiC/H/u45SOxEiqmP:E1Hfm/OETAjWuUN7kkpv9cUyHu45SviH
MD5:	823E4EDE107742C18C5F20E291C0D20E
SHA1:	603543602BDFEB9CE7CFF1C159169BC407D077AF
SHA-256:	CCDEF21960E919B3E673EB87953C5796A61156EA2D8CF9693C72AFA2461040CD
SHA-512:	6B272A6D0EEDF188F39585476C1473F6DDDD0641C08682312580BDABA129CC27B69CD737E00122FFB505615337B623FF24FF2D2C2738F5753B829A88F83B6C00
Malicious:	false
Reputation:	low
Preview:	0\r..m...........<.D...._keyhttps://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js .https://hereforyoushop.com/.m..F./...................7ES......,...:..0..+..O....f.A..Eo......2............A..Eo................................'.......O....`...lyA.....................................4...............................................P................(S.L..`N.....L`.....(S.e..`~......L`.......Rcf.................Qb.C......d.....Qb*.`.....v.....Qb2"......T.....Qb2.......o.....Qb~l3C....l.....Qb.Yt.....j.....QbvY[9....F.....Qbj.(.....k.....QbB;......h.....Qb..S....m.....Qb&4.'....p......O...R....Qb......c.....Qb........y......S...Qb..ax....E.....Qb.......O.....Qb~.......B.....Qbb.......L.....Qb........s.....Qb>.......f.....Qb........n.....Qbf.......M.....Qb........C.....Qb........I.....Qb.<T.....R.....Qb"..j....D.....Qbf5.'...._......M...Qb.\E;....w.....Qb...^....x..........Qbv......A.....Qb.j..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\15e065da0daca7fd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16543
Entropy (8bit):	5.810438840440142
Encrypted:	false
SSDEEP:	384:KAY0ofmLHTg2dQ1+O5fBQmFlPMXQoR2KAKR34D8K7bDu3sw:Kd0VLTbQ4mKm/+QoRHAKuwK7HoB
MD5:	A68240A42841E7318918EC8908B52B2B
SHA1:	684A08EA590FF32EF625ECDAA93D9B15E1B15174
SHA-256:	CEBBFB447DFC4E37A45E98C18967D6C364ECDF4DDDE6BECDE421B0275B60BF8C
SHA-512:	D658ECA8D8647CD3A24DDB61216C76C0A1CBB5EFCBF78F9A3AB2019DD87B5F53A0CC70C907B83A5C08C42BFB73C1DC1E8EC38D66E6320B1DEA41F21E6F017AE0
Malicious:	false
Reputation:	low
Preview:	0\r..m..........unH2...._keyhttps://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/lazysizes.js?v=6844146596460774066 .https://hereforyoushop.com/[...F./....................<-..cB..@.....j...^!...2....A..Eo.........C.........A..Eo................................'.RU....O.....>.................................L................(S....`.....0L`.....(S...`.....LL`"....hRc0..................M....O...Qb.C......d.....Qb>.......f..........QbB;......h......S...Qb.Yt.....j...g................................I`....DaF........(S.....Ia=..........A..@.-....lP.......^...https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/lazysizes.js?v=6844146596460774066..a........D`....D`<...D`.....!....`....&...&....&....&.(S.....Ia....-....,..i .............@......@......@......@.+.....O...A.....d........@............D&.(S.....Ia........I..d........@...........&.(S.....`.....lL`2.....Rcd..................M.......Qb.j.....e.....!........a....S.......Qbj.(.....k.....Qb~l3C....l.....Qb..S....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1be31ae4a43afd1e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	22299
Entropy (8bit):	5.702213129280433
Encrypted:	false
SSDEEP:	384:hG87R9geHWMpYTZGYVYN/IxLC5RVyR40D+KViFKX5jnSq9X:hGs127ZVYNQxeNEyKViE5Dr
MD5:	3D2C87B8F7DF1B276CA97CC8DADDE998
SHA1:	C392422F4F880BC7FF9ADBE84552BC9106F7B373
SHA-256:	A2FE1B387BA92D0694ED2310807E61F3893C859E31847366C2A60B14BC9401E7
SHA-512:	E760F51C54C2EFF379BA010A8078ECCD32CDF558BFC680575563D359A3A96C12D49B67D818731327CFF89208B0D0A524697B1049B2F04033139E3A334993D06E
Malicious:	false
Reputation:	low
Preview:	0\r..m..........z..`...._keyhttps://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/bootstrap.min.js?v=7372439028658456128 .https://hereforyoushop.com/D...F./...................1..j...).......-.2.S[p.w.....A..Eo......[............A..Eo................................'.......O....`U..........................................L................(S.....`.....HL` .....Q.@>AJ~....jQuery......4QkB.fe&...Bootstrap's JavaScript requires jQuery...(S...`0....$L`......Qbf.:.....fn....Qc2./[....jquery....QcJ.......split......K......dQw^Ew>X...Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4..K`....D...(.............(...&.(...&.(...&...&.Y....&....&.(...&...&.Y....&....&...i........&...i...8..&....g......&.....g........&...i.....*..&...j...... &...&.%.e..."......(Rc................I`....Da....t....$..g$.........P.. P.. ..."..."....@..@.-....pP.......b...https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/bootstrap.min.js?v=737243902865845

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2eaa7ed6113c80dc_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4009
Entropy (8bit):	5.514014307294307
Encrypted:	false
SSDEEP:	48:8KHCK0CKVCKWNCKoRCKZCKn24CK8CKy8CKDCKlCKcTCKRTCKrLNCK1CKhBCKEFCk:8HGhkpodK2vy/zjRb+++9hCYGQ
MD5:	B0A04AABE38C660F2F796B89E8885EB9
SHA1:	70F63614B9241C7D16003708E20E975C56332C73
SHA-256:	6209F3E3D95101153A13820BBB49B9060D3087E790C0FC95B46DE89B3C86386C
SHA-512:	E76B6C84E7E2FC031DD81ABA06999D7D6D51D6EF3F47C2F100AF608F463922241BFC5143B304A8E3E117821A3DE9B1C90A7CA8CD395214E8E962E3F46DD7F134
Malicious:	false
Reputation:	low
Preview:	0\r..m......O...h!......_keyhttps://connect.facebook.net/en_US/fbevents.js .https://hereforyoushop.com/n...F./.............................d.H....<..c....5O....A..Eo.......=.q.........A..Eo..................0\r..m......O...h!......_keyhttps://connect.facebook.net/en_US/fbevents.js .https://hereforyoushop.com/^...F./.............v................d.H....<..c....5O....A..Eo......h...........A..Eo..................0\r..m......O...h!......_keyhttps://connect.facebook.net/en_US/fbevents.js .https://hereforyoushop.com/y.a.F./.............................d.H....<..c....5O....A..Eo.......:...........A..Eo..................0\r..m......O...h!......_keyhttps://connect.facebook.net/en_US/fbevents.js .https://hereforyoushop.com/L..F./............................d.H....<..c....5O....A..Eo...................A..Eo..................0\r..m......O...h!......_keyhttps://connect.facebook.net/en_US/fbevents.js .https://hereforyoushop.com/W#..F./.............................d.H....<..c..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\589454532e0beb88_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	389
Entropy (8bit):	5.776623625501083
Encrypted:	false
SSDEEP:	12:Wz3bZRGtTrKLQmv2wXv/Mm9Kb4BGm15mRR2Kt:u3bZKKLrcm9E4R5mH28
MD5:	1260C67E4981D92BF52BCE8102DD853A
SHA1:	9B58E0A53275B9E0030D494024798CD781DE8686
SHA-256:	5030A2EC54561E54D7403F1A82C23CF30996C1FD9EA4EE0F8A983257C3F4F9E4
SHA-512:	5E0902F87534420E36636A038D73605271791D4F95B4422BAA73F951D00C45C258B595A0BF88031BD354BED5DA347F8B2242302C9DED05C13E855C44B9BA8838
Malicious:	false
Reputation:	low
Preview:	0\r..m......}...q......._keyhttps://cdn.shopify.com/s/trekkie.storefront.3bc22f7b201bea3154c99666f2373bcf9a3e8fb1.min.js .https://hereforyoushop.com/._..F./.....................\..LJ......efl..6du.ee.VntP.2.A..Eo......&..].........A..Eo..................._..F./.....A3F9E8AE62233178B27294CC0CF80E0920E3BF01633A039413BF4E89484907FC.\..LJ......efl..6du.ee.VntP.2.A..Eo......./;.L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c5bd7a64ba48473_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	5956
Entropy (8bit):	6.299111090967001
Encrypted:	false
SSDEEP:	96:3atbxlhU9WYDGu1Vr93Qj5ZmLXfs4OfeSoUFBS9AfUKgPrMaEfcrhL:3aZxGWYDGQAj6X0XfetOfsDMrfKhL
MD5:	5E59F38B3AB562BF9A320533FA3E2A74
SHA1:	9EAB4BC52B248125D1092AB93ADEDC606BCCEC67
SHA-256:	97C1C0B1BC84F905417E87329FF7ACB1A5065C2E5478E04572C984BBF9550873
SHA-512:	E4C58408413864A0C9DD4F69AE3BFB3F29B60338C7E0BE5ED8AE7EA29BC5344FD97BA119B7EE27692C9DAABA18F8BFCCF47E9C393F97D0D8DA3294ED7DAAB202
Malicious:	false
Reputation:	low
Preview:	0\r..m......T...~.j....._keyhttps://cdn.shopify.com/s/javascripts/currencies.js .https://hereforyoushop.com/.p..F./.............h.......6...g.-...........6.`nzc..6K.'t.A..Eo......B.Eg.........A..Eo................................'.......O........y.......................................(S.D..`B.....L`......L`......Qc..MF....Currency....a..........Qc.,.U....rates.......a..........Qb...T....USD.`......QbF.......EUR...XaH.`...?..QbR.......GBP...XaS..c.A.?..Qb&2."....CAD...XaJ..4p.?..Qb........ARS...Xa:..k<}.?..Qb.2......AUD...Xa.^.iN^.?..Qb..W.....BRL...Xa...X...?..Qb.......CLP...Xa....oU?..Qbzx.;....CNY...Xa./.o...?..Qb&Q&0....CYP...XaT..^-w.?..Qbz\......CZK...XaYz#.;..?..Qbn=g.....DKK...XatF..._.?..Qb"A......EEK...Xa...E..?..Qb...d....HKD...Xa....Y..?..Qb..tC....HUF...Xa.@l.o.j?..Qb.c......ISK...Xaf.S.%~?..Qb..k>....INR...XaA. D...?..Qb..'.....JMD...Xa'{2...{?..Qb.O[M....JPY...Xa[.i?...?..Qb&..w....LVL...Xa@.."2,.?..Qb...\....LTL...Xai..".~.?..Qb........MTL...Xa.o`r...?..Qb.....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d760ce477ab20fb_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4840
Entropy (8bit):	5.567387443729391
Encrypted:	false
SSDEEP:	48:C0s+sYzs/osBNsDpsA6sfsqnsmws9sMqsosa7sPrsusBsZscsJ:C9/YI/h4DWA70qs+KShagoveG1
MD5:	FCCC42E8D9464E5A424D194C6533B9BB
SHA1:	B9429B300D68278C6B677E6943E9134C0C86F916
SHA-256:	B68EAD256381719AB686CCAC27189746DF6453B981F85192C0D119FB34FFAB07
SHA-512:	EB99F60E26CF0AD00E2332CC4F6A40A996DEF111D854C9F70345A923ADDC44CD83A36FD2694CFF1B4E1ADC11129D4C4830EAAEDEAEC15CC00E3B17CDBE1340AE
Malicious:	false
Reputation:	low
Preview:	0\r..m......n....J....._keyhttps://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js .https://hereforyoushop.com/...F./.....................HH...t..z.3.1]H.c.s..I..B...A..Eo.......u...........A..Eo..................0\r..m......n....J....._keyhttps://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js .https://hereforyoushop.com/....F./.....................HH...t..z.3.1]H.c.s..I..B...A..Eo......vp...........A..Eo..................0\r..m......n....J....._keyhttps://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js .https://hereforyoushop.com/..b.F./......................HH...t..z.3.1]H.c.s..I..B...A..Eo.......*...........A..Eo..................0\r..m......n....J....._keyhttps://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js .https://hereforyoushop.com/...F./.....................HH...t..z.3.1]H.c.s..I..B...A..Eo.........X.........A..Eo..................0\r..m......n....J....._keyhttp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5e69cf08ea327492_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	72504
Entropy (8bit):	5.715167029016996
Encrypted:	false
SSDEEP:	768:+2Saa2tj0fX7fb1clG2wQV9ILrMGhPFuuMWxkTOlTWAFU30JwmNWTcVIE:6aJh0v7fIJFVGrMGnuuiOliAq30Jw+Vn
MD5:	72F207B8BDF517E683E14A9EAE032072
SHA1:	0DF7AD8B5AC3BF9D6B4B96D590241F9E59D1D880
SHA-256:	1A1E6585E6F48EAD2CB52F605C019EFD82627ADFF3DDC33E57DA4D1B5FC6C80A
SHA-512:	46AD9190A6C8241D09036F1065099DACA69E0B5968DF0FB5B248685DAFDBDBABF9207266955C647656BEB93DC5BEF11941D96DB83FB8F89871AC47ECF25718E5
Malicious:	false
Reputation:	low
Preview:	0\r..m......@.../.ar....A3F9E8AE62233178B27294CC0CF80E0920E3BF01633A039413BF4E89484907FC..............'......O..........x.............................p.......D...........................................................X....................(S.....`......L`@....(S...`.....LL`"....@Rc..................Qb.j.....e.....Qb........t.....Qb........n...b$...........I`....Da.........(S...`......L`......Q.@.B{.....exports..$..a...........S.C..Qb~l3C....l...H.......a...........Qb..7.....call......K`....D}8...............&.%.......&.%...&.(......&.}...&.%./...%.0...'....&.%...&.(...&.(...&.(...&...&.'..W.....-...(........,Rc.................!.`....Da@...8...........e......... P.........@....@.-....hP.......\...https://cdn.shopify.com/s/trekkie.storefront.3bc22f7b201bea3154c99666f2373bcf9a3e8fb1.min.jsa........D`....D`2...D`..........`....&...&..A.&..a.&.(S.......Pb........n.d.a........I...q.d....................&.(S.....Pb........n.r.a........I.....d....................&.(S.......Pb........n.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\617d53ca9fdcd6ce_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	249
Entropy (8bit):	5.541624976844708
Encrypted:	false
SSDEEP:	6:mzVYGLKdXNQKwkE+mFV2KSvXgAlFtnevIam44K6t:EohNQKwkE+mv2JvX5uW
MD5:	10241BBDB414CD1DC749AE99CF9CF931
SHA1:	1BAC8B9662A22786D8CD3E9AC47A8BD1FCDA2168
SHA-256:	BABE290CB85934C6EA0B4E1E195343725284E7FDF40CED1E2DC42E8842954656
SHA-512:	EEE6BFE0E881F8766862C25A8E218E7D8F973C0E0EC54A78DD08A4FEA3FB2EF2F2806C98D2ACE624460B813D4DC91B89946B9F9521814CA389C812BFC9E3B9AC
Malicious:	false
Reputation:	low
Preview:	0\r..m......u....'k...._keyhttps://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js .https://hereforyoushop.com/.t..F./.....................c...>Fq..Nh..A...um.Y]k....>]..`.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6872ce7adcf25f4b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16024
Entropy (8bit):	5.675914927158373
Encrypted:	false
SSDEEP:	192:4n0Q8Qx9bJlFrJHtykA7XPKF0am1eQFJSMskE04EFHHgxV2SZBfyf4b/wgnMP6Gt:4t8Qv5JgOGtFJS0AbHMP5Eny
MD5:	E56BBBD4B0AC72A107E34F13F923593D
SHA1:	E49EC86E4BF7EA5882A28664582DBD753428912D
SHA-256:	0E6BB7A053D46BF8C209B72736D483C518CA8F302262F73D962C37F921100E8E
SHA-512:	FA3506BEBA7015C2BC0B2F8F3718F3D55571B5562B658F5125355D5EB1055FCCC288513BF51C019069E6C20A3C06D45960AB55F35E94C49423EEF1816335A102
Malicious:	false
Reputation:	low
Preview:	0\r..m..........UuF....._keyhttps://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-24ff1222c9aa13bb217653c0d3ea28c40a796a280e6da29ad421eec2a6075c86.js .https://hereforyoushop.com/.m..F./.............\|.......V._.U....L.f...D_...d...n..A..Eo........[..........A..Eo................................'..$....O.....<...U9o............................P................(S.L..`N.....L`.....(S....`.....\L`.....RcX...........$.....Qb........s.....Qb......c.....Qb........n.....R....Qb........y.....Qb.`.....v.....Qb>.......f......M...Qb&4.'....p.....Qb..S....m.....QbB;......h......S........Qb.C......d.....Qb~l3C....l......O...Qb.\E;....w.....Qbf5.'...._...q........................................................................I`....Da.....H...(S.L.`P.....L`........a..........Q.@.B{.....exports....a..........Qb..7.....call......K`....Dm0.............}...&.(...&.(...&.(...&.'..'..W....(.......,Rc.................Qb.j.....e...`......a.a4.........A.....c................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6ed4a4600e77f5dc_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4960
Entropy (8bit):	5.495218026170383
Encrypted:	false
SSDEEP:	96:BueaxeCAGqAxs/WIoWcHktW+j+pxOuW/oIFE4Xzl0nojF4n:8eN5HV+nNE1SprGPWoZbZo
MD5:	0588A1777901A57FC5D30FCB4AD8F8EF
SHA1:	45A93E97E567B4C02210235CCB7399CC42DA773B
SHA-256:	783CE7E0F6CEF30922A2CD28D32E2E6AFFB342F5DEF8D8EF9F62CB89933BA270
SHA-512:	BE60E0C755ACF064F89F74B49E623AB8EF7091695C1AD10860E1D0809AF1960229F10B428F32DEA0058DA763040D7F4FC955A823C61153AE7162E577058194A3
Malicious:	false
Reputation:	low
Preview:	0\r..m......t...V>......_keyhttps://sellup.herokuapp.com/kartifyjs/kartify.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/N...F./........................{\.F.5ub.'v.#G.A\...p=.k.<..A..Eo.........E.........A..Eo..................0\r..m......t...V>......_keyhttps://sellup.herokuapp.com/kartifyjs/kartify.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/..".F./.............`...........{\.F.5ub.'v.#G.A\...p=.k.<..A..Eo...................A..Eo..................0\r..m......t...V>......_keyhttps://sellup.herokuapp.com/kartifyjs/kartify.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/..c.F./.............:...........{\.F.5ub.'v.#G.A\...p=.k.<..A..Eo......f...........A..Eo..................0\r..m......t...V>......_keyhttps://sellup.herokuapp.com/kartifyjs/kartify.js?shop=imhereforyouco.myshopify.com .https://hereforyoushop.com/...F./.............%...........{\.F.5ub.'v.#G.A\...p=.k.<..A..Eo........{T.........A..Eo..................0\r..m..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70747a5c451cd1e1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	24453
Entropy (8bit):	5.91552363168661
Encrypted:	false
SSDEEP:	384:LlWiig1iWwyf/qaaCRKw3Kt085UQRXkdlGBAdUZpbO7L1xMOd1JD3TNLESBwm:EiihASaaCsgKOKfRyBa4rLBj
MD5:	5B664F20F4608D50F222BC8EDDE084B3
SHA1:	896067BBAA67738F660DBCC9CE9D7A3A76194539
SHA-256:	DF12C03EE8B9B4E076B05699D753F3E5B6EB2C366ECD9C3D9770015146B7C8FB
SHA-512:	AF5D0A45FC4AFB0CD55ED14454B7F2BA968BDB73EEB256F38B43C2546F421B324F445AC543EE105FD92562F399AEAA1EE317DE2D796D6469DA877CB2235CD000
Malicious:	false
Reputation:	low
Preview:	0\r..m......M....'......_keyhttps://s.pinimg.com/ct/lib/main.d71a97dd.js .https://hereforyoushop.com/.e..F./.............Q.......8.h.Df..Q(/.w.E!#@<..H.+ .....A..Eo...... Ym..........A..Eo................................'.......O.....].....Q................H............................................(S.5...`.....dL`.....(S...`.....LL`"....@Rc..................Qb..6.....r......S...Qb.j.....e...b$...........I`....Da.........(S...`......L`......Q.@.B{.....exports..$..a.........C..Qb~l3C....l...H..!....a...........Qb..7.....call......K`....D}8...............&.%.......&.%...&.(......&.}...&.%./...%.0...'....&.%.*..&.(...&.(...&.(...&...&.'..W.....-...(........,Rc...................`....Da@...8.....a.....e......... P.........@....@.-....8P......,...https://s.pinimg.com/ct/lib/main.d71a97dd.jsa........D`....D`J...D`.....m....`2...&...&....&....&.(S.......Pb........e.d.a........I.....d....................&.(S.....Pb........e.r.a........I..a..d....................&.(S.......Pb........e

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\814f1d3aefbc13c7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	3299
Entropy (8bit):	5.610335837298486
Encrypted:	false
SSDEEP:	96:X+2vmVow7g73HgWCvGQmuSldgiLhOEhOw7:X+2OWw7CCOQuL5Iu
MD5:	F5731C2414E512FD1E564A60ADAA8855
SHA1:	CF2997521DA29929D0085079268CEC9F1F1DDBB6
SHA-256:	EAFF93FB8724BB5334BD419A9400930B0CC17C8C79E25838F7B66FA7EC6E9402
SHA-512:	FC57E9DB8F2A31A94E566B2C1D05BD8AADCA873A3872F0CF74AD755584F426783C90BC28E1C3DEF13B4B8B2DEB0334D8817250362906483D3C0067D5B1F45D26
Malicious:	false
Reputation:	low
Preview:	0\r..m............]....._keyhttps://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/readmore.min.js?v=11994212879037969866 .https://hereforyoushop.com/....F./........................q;..+..:....i:.hK...v.iN....A..Eo..................A..Eo......................F./...................'.......O....X....7...............................(S.8..`(.....L`.....(S.\|.`.....(L`......Q.@.F......define....Qb..c.....amd......`......M`......Qc.\|.....jquery....Q.@&.....exports...Q.@z.%....module....Qc.Y.D....require.......Q.@v!.M....jQuery....K`....Dy ................s......&.(........&.z..%&.^.....4...s..$...&....&...&.]...&.]...&.-...%......&.]........(Rc................I`....Da......... ..f..........P.........@........@.-....pP.......b...https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/readmore.min.js?v=11994212879037969866..a........D`....D`2...D`.....x...`8...&...&....&.(S...`0....dL`.....xRc8.................Qb.Q......t......S....M...QbJ.S.....n.....Qb^.\.....o.....Qb~?.?....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\86df87e775f96432_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	388
Entropy (8bit):	5.849202877872628
Encrypted:	false
SSDEEP:	12:fgzD+hUciRtmv2I/Hp9FTDbBKdtjR3Rt:UIUjR2JDsL
MD5:	B36F07EEAB67E678E9335B9E58CD9035
SHA1:	F9B2FA985B1361B557CAA5BC7E57D724E9F974D2
SHA-256:	1057785BED1BC4D1D66B58E368A13B13A767071628F3B616FF713E86A8FE49EB
SHA-512:	32ABAA843DD3A6DBC854BC8B79B6A0BE4B8A5268BBDDDE122F27005B9DAB066E9048D60EB6EBCD18D99275679B5001992FB06606D8DDE43783C457691916DFCC
Malicious:	false
Reputation:	low
Preview:	0\r..m......\|..........._keyhttps://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/jquery.js?v=8926416544707358891 .https://hereforyoushop.com/57..F./.............v...........q...Nn.........'Z.V8.g....{.A..Eo......,...........A..Eo..................57..F./..x..5984523077983483C1A471D01D8855390ADD027C680C9E7B2B30BDE1A2D2CA0F....q...Nn.........'Z.V8.g....{.A..Eo......C].5L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\998808883a4f4580_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4840
Entropy (8bit):	5.739131367140293
Encrypted:	false
SSDEEP:	48:OO0koCE8HrtQ3ysZMnpf3WyDBr75J77IT:4aJEUHpI
MD5:	94B404F5CF56576B1D1F7DC68DFE9BE2
SHA1:	BA404A0F2FE272FD2152BD22F21E8A9E3D916DAC
SHA-256:	67141D815447491B6EDE2BFA8232352C9FDE73FDFE15F92C76CCB046C52EEDBD
SHA-512:	A49489ACA838C65D5EB35FE98CAF71C01AD2B2AA0E9C7CD0F0024425A7C7150E3B2D0A098E535407FB54096848A8B526E04E768038DFB36C4C0612612A1542E4
Malicious:	false
Reputation:	low
Preview:	0\r..m......n..........._keyhttps://connect.facebook.net/signals/config/713019789423044?v=2.9.29&r=stable .https://hereforyoushop.com/.2..F./.......................]...`.^bm..~......V:g^E....;..A..Eo........\|<.........A..Eo..................0\r..m......n..........._keyhttps://connect.facebook.net/signals/config/713019789423044?v=2.9.29&r=stable .https://hereforyoushop.com/y...F./.......................]...`.^bm..~......V:g^E....;..A..Eo...................A..Eo..................0\r..m......n..........._keyhttps://connect.facebook.net/signals/config/713019789423044?v=2.9.29&r=stable .https://hereforyoushop.com/..c.F./.............^.........]...`.^bm..~......V:g^E....;..A..Eo........"#.........A..Eo..................0\r..m......n..........._keyhttps://connect.facebook.net/signals/config/713019789423044?v=2.9.29&r=stable .https://hereforyoushop.com/....F./.......................]...`.^bm..~......V:g^E....;..A..Eo........=..........A..Eo..................0\r..m......n..........._keyhttp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b0beb027e8e5de96_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	135280
Entropy (8bit):	5.80672594523309
Encrypted:	false
SSDEEP:	1536:cP1LGjtnN8fvatwigB/PYN/8hn/Arg4j4HX6Mwi7txTF/zHC2pXyRCVqMjgW7jKe:OxfyGlYcJ7PsAeBPta4BzcKC
MD5:	DC0EF74977455A94CFFE6FB18E655708
SHA1:	D91CD0365EF1616A98BF3AD683C0C92288936FE5
SHA-256:	372AD6507D72C347BC4C6DE15A048FE0B064889D6E303E8DB74F06D2E3F29282
SHA-512:	D899F9C04386359954E3BFD38FE3C88BF0B4F712F6BC54AF490DADD7B62CDA3962592997F26F770AF1391F84350D0FD1630CAA4474284A2C5B30EDBF2C322BF1
Malicious:	false
Reputation:	low
Preview:	0\r..m......@....T......BB578D03EC8DFEBFF3CA1BA958076F10DB0E1EE6FA8642039D8208FEE9D6E2F4..............'.j[....O-.........U:.........................!......................................................................................................................,.......................L....................(S....`l....PL`$....(S...`.....(L`.....HRc .................Qb........n.....Qb........t.....Qb.j.....e......S.c$.......$.......I`....Da....N.....Qc.E.....window....Qd&......matchMedia....Q.@Be.$....module....Q.@.B{.....exports...Q.@../....define....Qb...%....amd..(S.....Ia........I..1..@.-....hP.......\...https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/vendor.js?v=10210318190529598248a........D`....D`....D`............`@...&...&..A.&....&.(S....`........L`F....XRc(.........................Q....S...Qb2.......o.....Qb..6.....r...e$.......................I`....Da~........(S.....Ia...........Q.....d........@............(S...Ia%...e......d........@............(S...Iao

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b6e0bfd2dc8319e1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	5020
Entropy (8bit):	5.610660435224333
Encrypted:	false
SSDEEP:	96:JjHjrjtZjujEQJj8jbjLMjFdj6jrj/jsjPjOj+jFjkj7j:JjHjrj7jujjj8jbjLMjFdj6jrj/jsjPk
MD5:	E8F56F784351934E8C7354EEACC4F558
SHA1:	A16C32B94E19CD166438784D8344DBAC124FF3DB
SHA-256:	ABFB49C97FED4AD34C01EB6F06E3114C3F3F748139F455B89C4E33BA444B545C
SHA-512:	38234110AE1E825A9EDC270196549C2D6BFFB3562E10A7895C9740D0F7754CDE6E8F554D5EAE110C63DD6FB7341BE9E2331DFC4F0C977D4C2D3CBD5D68F6C4E5
Malicious:	false
Reputation:	low
Preview:	0\r..m......w...U..~...._keyhttps://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js .https://hereforyoushop.com/~..F./.............*.......V.......Z&G.=g.c....O..}..L{.....A..Eo........Q..........A..Eo..................0\r..m......w...U..~...._keyhttps://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js .https://hereforyoushop.com/.P..F./.....................V.......Z&G.=g.c....O..}..L{.....A..Eo......\|............A..Eo..................0\r..m......w...U..~...._keyhttps://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js .https://hereforyoushop.com/.\.F./....................V.......Z&G.=g.c....O..}..L{.....A..Eo.......T(..........A..Eo..................0\r..m......w...U..~...._keyhttps://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js .https://hereforyoushop.com/.K..F./.............+.......V.......Z&G.=g.c....O..}..L{.....A..Eo...................A..Eo..............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bba70edea388aead_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12964
Entropy (8bit):	5.868290055755293
Encrypted:	false
SSDEEP:	192:a/uUg/fDbeux43biKX4bHbm2NXxNRIm6NoR+J:a/ieuG2iU7vNXxWlJ
MD5:	E96E21737071814FF1ABF68EC5732E23
SHA1:	84135A8CD0F1D21A38DDEC9319993FEC94B07015
SHA-256:	11EA67EF952D70F9D9B62B051F84E3BEC5C923A1D3377A0550BF160FC59629AE
SHA-512:	A45ACEFCB6FF5982E5F69FD1F5F65914F7D5E8BB29E565A0C17E954FB30A982B9BEE9A53764CF2E5E7B0B032FEB2944B794D4594D71F159A1B29F3842E6401B8
Malicious:	false
Reputation:	low
Preview:	0\r..m............#....._keyhttps://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/jquery.currencies.min.js?v=17505776077200662322 .https://hereforyoushop.com/.w..F./.............i........\|.E....,q.t.p ."...ohS....{.....A..Eo...................A..Eo................................'.Y8....O.....0..D..!.............................................(S....`b....xL`8.....L`......Qc..MF....Currency..Q.@>AJ~....jQuery...(S........5.a..........Q...Pc.........cookie.a........IE.@.-....xP.......k...https://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/jquery.currencies.min.js?v=17505776077200662322.a........D`....D`6...D`.....0...`....&...&....&.(S......a...............a.............Pd........cookie.writea ...R.....Qc.\O&....write...E..!.d....................&.(S........5.a...........Pd.........cookie.reada`.........Qb^/F.....readE.d....................&.(S......a............a............a..........Qc.hh.....cookie....Pc.........destroya..........Qcv(.....destroy.E.d.................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c158b458b7cee6a4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	389
Entropy (8bit):	5.8590579651279775
Encrypted:	false
SSDEEP:	6:mOyUYE4JyKKz57RWMWYZ45mFV2KZg/g9I//cC9k4tcthK6tsYnatTVSUgnOfC9k4:HD3WYWmv2r/4I//L90t7ibJVS9nD9
MD5:	47A24F30D4B9255B7FC62DFC9D4D7160
SHA1:	E906CC8A0C23ACC83339F2EF1A81BE437167BBB8
SHA-256:	0100A126EEFB8A1BE67A8882D19E07E2DFCF1BF9600CAA542C2DB71D1308E17B
SHA-512:	C6136754AFD0F939C23F93098226BC7ACD525BE5EE627C29ADB1A185211F279FA2C51D843321F0EE2EC1B5A1065C6F17D2294E685099E3342550B6918D16ECFB
Malicious:	false
Reputation:	low
Preview:	0\r..m......}.....I....._keyhttps://cdn.shopify.com/s/files/1/0481/0922/4087/t/2/assets/vendor.js?v=10210318190529598248 .https://hereforyoushop.com/...F./........................W{.[..B.Ae.5#..'.h...{....l.A..Eo..................A..Eo.....................F./.....BB578D03EC8DFEBFF3CA1BA958076F10DB0E1EE6FA8642039D8208FEE9D6E2F4.....W{.[..B.Ae.5#..'.h...{....l.A..Eo.......Y.fL.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cbbf2764fba56c85_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	241
Entropy (8bit):	5.5501346333657
Encrypted:	false
SSDEEP:	6:mhAwVYGLKdXNQKwkERugXgGXYij29kYBhK6t:WRohNQKwkE8gXxXiZ7
MD5:	1EAF4A284C7AFBECED29FB6BA52FF04C
SHA1:	9DB71DDD85F0750612B9CD2D38162E51F34F5028
SHA-256:	E3596B619929638F93A86A1F98160D73587D971B85F6FE0CDEF1E2FDDE39AD94
SHA-512:	6C509584A68F93ADDBFC5F8CAF2896AB80E3CAC43C6D0A827154DC3C2B7CA79F9C3D163D5E6C8477B8D2A5AEB31E578FC985FDABB9DDF83133E01FAD9C1FAB1C
Malicious:	false
Reputation:	low
Preview:	0\r..m......m...;.W....._keyhttps://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js .https://google.com/.t..F./.............D................tG..i....=...M.. .L.3...A..Eo......Ep@).........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e1b5eda50cde505d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.577284927242343
Encrypted:	false
SSDEEP:	6:morYGLIkVAhpNHt4gwgusltgRt5O9njq9zbK6t:fct9fwxsXoM9jq3
MD5:	0825A94EC2CFA0C6B9FA5E7B5D60FCA8
SHA1:	320A15AFBF2EF0EA983B51D06E717145316909CD
SHA-256:	D43B0825DA3213CBCB4BF36B83BEC0F8014D812A23569878DD8F6C0611B48336
SHA-512:	7DB2A399101D061BC170C32F3E73BF3C40AE7AB37120D42AE5729FADC8E98041DEE1F63342B96B9F21F8022479061A70FB526B71A9BCCA8CAB70459DE16C251E
Malicious:	false
Reputation:	low
Preview:	0\r..m......d....E....._keyhttps://www.google.com/js/bg/O67mjpEsjT-AT91MDd0pGc2bzg3wulEAhSoq1-VXop8.js .https://google.com/db..F./.......................U.P.%F.V.0D..N=l.ElN....kt....A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e7bec4ed4587ef3d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	239
Entropy (8bit):	5.498584980944372
Encrypted:	false
SSDEEP:	6:mUZlgEYE4OZo01gPzJ8mFV2KAXDg0HHogJJH4XZK6t:pbNToB2mv2nvHIWcT
MD5:	DEB004CB75B9CD45BA7115B5683243F1
SHA1:	2F7C09128CEE59298852462AE49A74CB74CB812A
SHA-256:	D03D1A14633C18EE9AFBD7D88E56BD815C5E0D99A093AEE8F767BCBD3C2B0000
SHA-512:	F21BEA52509177B06D6AD3FD86468F099F03DD135D363DEA3E0843A1ACC086A74CD7A6C472519144C09B488389C1669C43FED87E9FB52E1A9EA1F8D315FE1FF1
Malicious:	false
Reputation:	low
Preview:	0\r..m......k.....1....._keyhttps://cdn.shopify.com/shopifycloud/storefront-recaptcha-v3/v0.1/index.js .https://hereforyoushop.com/...F./....................y.7...QF9..b..x.&....>.U*Y..o8...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\efbb20c56b919bd6_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	5621
Entropy (8bit):	5.488891081308025
Encrypted:	false
SSDEEP:	96:Lu5VqGcDw+9u5VlsrbjQM96vQpXusl+affOlr+f:Lu5A99u53sr56o1usBvf
MD5:	419E2B9A23BAB5616315294DE3F49FA7
SHA1:	13FC115979749E7AE0F65B41A5B164ACA574AE7E
SHA-256:	098671EF854AA033F701747DDF4C11D89406059860995EFFC9C5C55ABF99BF5A
SHA-512:	338CE92CB5140E796C3F0373A3BE7A5B72297BE0503A04AC39DD45B47C2F796117FE6D130EC438860C3E541AC79C83AD8A982682FAD41C5B995AB9DB760BFB16
Malicious:	false
Reputation:	low
Preview:	0\r..m...........9.0...._keyhttps://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-68ba3f1321f00bf07cb78a03841621079812265e950cdccade3463749ea2705e.js .https://hereforyoushop.com/Lq..F./....................(}.e^.rH.vr.}..K&R......on....A..Eo......~.J..........A..Eo................................'.......O.... ...8.O.................,....................(S.L..`N.....L`.....(S.P.`\.... L`.....@Rc..................Qb........s.....QbB;......h.....Qb>.......f...b............I`....Da.....9...(S.L.`P.....L`........a..........Q.@.B{.....exports....a..........Qb..7.....call......K`....Dm0.............}...&.(...&.(...&.(...&.'..'..W....(.......,Rc.................Qb.j.....e...`......A.a4...............c.................@.-.....P.Q.........https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-68ba3f1321f00bf07cb78a03841621079812265e950cdccade3463749ea2705e.jsa........D`....D`>...D`.........`V...&...&..!.&..A.&.(S.4..` .....L`.....4Rc.................Qb

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	3.368044510240202
Encrypted:	false
SSDEEP:	768:ITc6bn11wzFMsZiTY22ezfnWJngKat4GX0Yt4GXU:I4smz+YPMfnWJnxMaMU
MD5:	CAD001F2A1115BCAB516AAA3F0343CF5
SHA1:	8B4E9DF3CCC56FCBB65592256BFC681F689BF429
SHA-256:	14C40B64D0121E0D356F4AA313EC554E7E161131C1C2E88E93D1D10D3E7D2FA6
SHA-512:	7D0228048B2A77D966E4B6114E4E35A10067E42D5A34907698516DBDC5B5940F2DA02A4E0538930EDE90A507B46013BFCC139322040AA8E51A5D1C48A251291C
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	151936
Entropy (8bit):	3.1079681694806633
Encrypted:	false
SSDEEP:	768:YOcg2m7KMs2wzI6rTY6fFRSWJngo3+t4GXz:YBekzzY6fLSWJnTJMz
MD5:	63C39728DFF0785BFDC1BDB245DF5711
SHA1:	F3EFA74DD923EC62C3363C16C02CAA37F24349A7
SHA-256:	4276A5FBFD4F8419BBC7148FA8BACB9BD3D91940A99929F669A9EB57CCB4FE8A
SHA-512:	51A84A5B2AD510C1E55EEE78114FF909DD98ECA5267E3543296E777E5DB4A3D163428806B0203EF76FCE24BBF1167816B28E2A03066CC321291FD06F4D3260EE
Malicious:	false
Reputation:	low
Preview:	.............{.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	136103
Entropy (8bit):	4.118826679732764
Encrypted:	false
SSDEEP:	3072:MLweXXdS5CExPAo9B0Pa1N36F1Gu9ufbm56:QXo5PPrNu1L56
MD5:	D8B0C001E62FE6FBF67795D77C8367CB
SHA1:	EA2C0840F57B66F0225CDCF2B2711A4677675F06
SHA-256:	37AF60DE16CD9EF48C9FF1A52CA3FD09AD442C6B46D114B9AA521E2DA96CA2EE
SHA-512:	79A4FBD575CB9A0EE55997AC272D1450F1E780E745927416B06830349034EDE2B5B358B277F8226455602A7F44235E3A94606A6BDC6A735B6A57B6B10BF8906A
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...bb2f95f4_ceec_4a1f_8c33_906134883fe2......................D...................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}.............q..l...............https://hereforyoushop.com/.....H.e.r.e. .F.o.r. .Y.o.u. .C.o...................................................h.......`.......................................................)z#.....*z#.............(...............................>.......h.t.t.p.s.:././.h.e.r.e.f.o.r.y.o.u.s.h.o.p...c.o.m./...........................................(.......................................................................................0.......H.......p...............................................0.......H.......`.......................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.n. .1.0. .....=.&.................d.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.22483324231829
Encrypted:	false
SSDEEP:	6:rdLZM+q2PWXp+N23iKKdK8aPrqIFUtwMdLF7XZmwyMdLF7qMVkwOWXp+N23iKKdr:JG+va5KkL3FUtwcZr/ycZ7V5f5KkQJ
MD5:	CBC7D49697E9DA8A3D07816D0857E995
SHA1:	E0BD45E24583CD8239EE972B216A3E32736B399D
SHA-256:	B68CD329CAFF19E44607363DA4249D2FD1DE918469807434D2D3D511DEA44EFA
SHA-512:	E552507B8CBD4630184FA914251F1125C67D38BA8E36BD257A4145850250B7ABFBDD19D0AEC945363FF0B75B281E1B16D65AFB7A46B919A72801025779E68F8C
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:58.175 6ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2020/11/22-03:50:58.176 6ac Recovering log #3.2020/11/22-03:50:58.176 6ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.12770848716094
Encrypted:	false
SSDEEP:	6:93M+q2PWXp+N23iKKdK8NIFUtw6nT1JZmwy6nT1cMVkwOWXp+N23iKKdK8+eLJ:98+va5KkpFUtw6nT1J/y6nT19V5f5Kk2
MD5:	B18CB22F432C4A71931C8BFB766F225E
SHA1:	133EDC1CC95C4788565E0ADFEF9F385EA8BEF987
SHA-256:	850DA2F056E293DA0824BDEF072667B98E79D4A9E5D4463CBFC489B82551999B
SHA-512:	B0B19671E574C0FA3E13CD7D0E6A139917671DA33A8C13A08972686B46EBD248C1F1947577E1FADEAB585C0617E7EE34410444906DB854AF6ECEE54DB9E5AC9F
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:00.209 6ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2020/11/22-03:51:00.211 6ac Recovering log #3.2020/11/22-03:51:00.211 6ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	17938
Entropy (8bit):	6.061511031838911
Encrypted:	false
SSDEEP:	384:ahlZ97TC4hNLFkQF/4H/vo3c93yaM5ZAVGnLMeP3rrBsuzfccHyfXRH0MVEPT:ahlvS2Fk5ooNM5Zg+YePRgpXRHLVA
MD5:	58E0F46E53B12F255C9DCFD2FC198362
SHA1:	24E3904DED013ED70FFC033CFA4855FBB6C41C19
SHA-256:	F82EEF4F80D86F5DEF0F40F91FFB6453E1706CA5FD8A7172EDB19C4B17E2F330
SHA-512:	1AC83CDFF124E4C0281FBBFC0A919AA177F1524AB85434D82E5A87DDDF7CAC26A761C5E6249566626054C62D6B0F46A51AAC1F6E64C260F50832AE1D5F0A49BC
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["vyABSKu1ssLnoQtj8Nqw6CjEthL33alh0QYBLzRg9+E=","DGWrOFQ2mF53Fk3FM5jLCV5sKg1DgRTF750mXhpKaoM=","f8vmSL13lL5/sEk/UBo2z9BTE1au+kMnftvxebWlLfQ=","g6BagkGM3fYVfhX6pe9v+WIhrxb6KJyr1H8KEdf3iQc=","6GdjKPovCi9TAL74Kj/R6GzGC1RVsWCb0lMtrG41ElU=","vttVT0ok78296FZBpoJgEIMmZmATBpKLrC5wr6RiPIg=","5dwwmOMAg6GXh2x6hn99MsZgiXJCxgTnwFdiMmcl2/0=","lQFxytI8i5cYLqNLbSnc45XXd/jEIuKwO1nAvNh5/WE=","qETF6aAOXwVcduPggf/FGrY8l2ALwdIswKxFJWG2JpQ=","+fjs95t/ESSgtcK9SzZOIcY/aemUr2I/yYI07esfjbk=","H+r4m51qI4G0z8YtAibc3/AGYvPK9qT14BbGvmM4/y4=","Qz4vtomAqVrAeKIcJ/zbVi5yDpFiY+F7tP/FTdoAKwU=","k110zqa69JMO5T4RH/nBdkCVX9I/98Gd7K2dnRuyFyg=","+QrRx4Pz8wbz4ef9ch1Q2aAQDZbv0r64NMyj9z0qaaE=","6q/tcYekY7TN66ZdPx4ALLcteRLQJqFy0wgcIqL6fFU=","djipPPtOAFsToDpKDbadLJLGQiCzTkN2qsRbzvKijBo=","uHEm1DVxHADroGNWHjmdfpdNUgtHXDQ0zfTmdqtJgYo=","1C2E0Gz2nqKFG3ghcQEVyiTYI4rTYNnrpsHQY9J7BfI=","swYZ8T85/4tzx26dfC0RKxMiHwnjqJoxtn0Mb8NdcjI=","AuXwavx8SOtkgFhnRlnM4roIw243Ryh2ktL0QZRDLoE=","oG0S5XUkjBtAHts9X+uQt5MTsf

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Reputation:	low
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.23749817612646
Encrypted:	false
SSDEEP:	6:va9+q2PWXp+N23iKKdK25+Xqx8chI+IFUtwOLd3JZmwyOd9VkwOWXp+N23iKKdKI:i4va5KkTXfchI3FUtwaJ/yGD5f5KkTXc
MD5:	FB445883EB5BF085F6601C586288CD59
SHA1:	7621F8282A30A1D01B2E89AB7D6C0EDCD2D5A477
SHA-256:	FD5A93D63C1B36418FDE4F13833C7C6E21E8C6F4E9D4F042F3EB647DA827A8BD
SHA-512:	36C8AB33A2AAC507CD7107FE99B79898320DCA1FFEE87BBBE378884C6B47AD291358E9A881350930B274D4A82B56BAD844AC9054D771DAE80F18C8564B6DD2D7
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:11.058 1368 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2020/11/22-03:51:11.059 1368 Recovering log #3.2020/11/22-03:51:11.060 1368 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.244836522441303
Encrypted:	false
SSDEEP:	6:OL39+q2PWXp+N23iKKdK25+XuoIFUtwp3JZmwyj9VkwOWXp+N23iKKdK25+XuxWd:o34va5KkTXYFUtwZJ/yjD5f5KkTXHJ
MD5:	0A0E8CCC52FDC68BC57D7B5425E73F55
SHA1:	A46C8322BC9C7114264CF97356B4B6EC60922C52
SHA-256:	1D8C155B5E5D1C31F23E10C38291EFCDD0FF6EF7C37B455273F3A4719A10C324
SHA-512:	97F4750F002053138D31079C22251A7A0BC48E3D7AECCACAF9C60F4508B4C646311755091FE4B2AA0DC4B500FBEEE5E86EEBD73BA4E58F46248E77DFAD32818A
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:10.954 1368 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2020/11/22-03:51:10.969 1368 Recovering log #3.2020/11/22-03:51:10.978 1368 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	102
Entropy (8bit):	4.707425199545215
Encrypted:	false
SSDEEP:	3:w1tsm1iILeNlA1jPqciKPnSc+VVn:w1tsmRLVP1/Sc+VV
MD5:	7E6074135B54581D9C9A50EC25141C6A
SHA1:	362BE82BA04A240771813665F436B0EF9D24C35F
SHA-256:	8A14329F2C4F6E9CD07FDABA314C1F29FDE90C936695F0E95118778B2E0CD7A2
SHA-512:	D715BD9AE5A94DC6F30D6B8A475DFD69DE15C3915987D6A2D9E6F761237055AB1409B24431F9F6497FE0CDF664449F13F3D52FB0C49E4221CE3145862D9048F8
Malicious:	false
Reputation:	low
Preview:	mP...................LAST_PATH.-1.X7.>................LAST_PATH.000..ORIGIN:https_www.google.com_0.000

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	142
Entropy (8bit):	5.2599445498146675
Encrypted:	false
SSDEEP:	3:tVPnf2npMMLKqFkPWXp5cViE2J5iKKKc64E/+MOMcWIDMGk4cWIV//Uv:mMM+q2PWXp+N23iKKdK29MRgPRIFUv
MD5:	DD77E646F6F1E7F1F8E080AA55EB25DF
SHA1:	1AF294EA2F1B8E63FD85FD563385DB66FC6F10E7
SHA-256:	1EF200FF6A8F2D58C1E51050A1CDFDC7C1F364DC5BFD4B20B52DEB016F82D557
SHA-512:	A50EB2CAC0B2765CACDD885E15727055DFB582A7D0284229C327BDFCFA22CB78787A85FEC336B0F2118BF2EF8F346B295622627C22F3E642E099DFCEC5CF53F8
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:18.682 6ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Reputation:	low
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.198164066094986
Encrypted:	false
SSDEEP:	6:2uUX9+q2PWXp+N23iKKdKWT5g1IdqIFUtwSTXJZmwyfvF39VkwOWXp+N23iKKdKn:2uW4va5Kkg5gSRFUtwqJ/yfvF3D5f5Kg
MD5:	479FCE28CCDA99C82983000BD88F11B3
SHA1:	30ADB01C89F0C3B0E9DF594937FFEDDB2A04D2A2
SHA-256:	F69A770044334AFE60C0A92E6DB30878A77E0F30121AC5E596E08FB38DA3672E
SHA-512:	696161786DC04633CAB8F2F74F3161C296DFF93CD398D647E3C1869B8240BA8ADEF119AB70FB064B91AFC38B0D4759ED943287C54070C1FB1C6734B9EB4358F2
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:10.802 1368 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2020/11/22-03:51:10.803 1368 Recovering log #3.2020/11/22-03:51:10.806 1368 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	184320
Entropy (8bit):	0.8590167835045356
Encrypted:	false
SSDEEP:	384:cHx/xXRKwwx/xXR4d0Twx/xXRGuNx1wx/xXRspS:CS
MD5:	5EEAB04F1B8B2F07E89655B7EE0A78DB
SHA1:	1DFECBD229FDEDE8EF14E6245D3EC5B84A6D159B
SHA-256:	95AB3845B72C993655B3576549960E51812171F43DC9111B4417AF98AB3B96C3
SHA-512:	EC5BCEB3B047DEB916132DFAD57A287392F0996D0478D24CD2F38730345E0095D1A922E8B4133CADFE76600A35A80CE18E937AB9EC09605A72F50F20E74093EA
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	630
Entropy (8bit):	5.346046320944347
Encrypted:	false
SSDEEP:	12:1RvAZfPutxXQXs2mv65ga28OGTCWQ3o4BM3Rvsxu23tVu/zVa/q31M09fHmv2FLQ:1OZiCXs2tX2NsCum2Rvx2dUM0K4JC
MD5:	AF7B71ACAFFC854EE37F747938C69818
SHA1:	61B2B01E5A2A14D8AA70A5BAE9DE732C09EB99A5
SHA-256:	8626885E2632573E8BCABFD1321F7B2AC851392FEF375239B9D26533407E9418
SHA-512:	BB6B14E1FA320B45AE556343341EB200E4A881689DEA41BD509883C69699FBCB4251AC9A4143B214470CBF963F902A83FE531296B4129C603BD5B7122906B3B1
Malicious:	false
Reputation:	low
Preview:	............."?....co..com..for..here..hereforyoushop..https..maincontent..you_......co......com......for......here......hereforyoushop......https......maincontent......you..2.........a........c..........e..........f.........h..........i........m.........n........o.............p.........r..........s.........t.........u.........y....:Q.................................................................................B.....Z...... ........'https://hereforyoushop.com/#MainContent2.Here For You Co:.................N...... ........*.https://hereforyoushop.com/2.Here For You Co:................J!.................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	187824
Entropy (8bit):	0.6371810845007186
Encrypted:	false
SSDEEP:	192:C5foWVKx/xXRGFxWVQVwx/xXR/t7bWV/wx/xXRvK9bWV9:Cd4x/xXRGF9wx/xXR/tiwx/xXRvR
MD5:	A080CB7B16062D1B582712A962E9909C
SHA1:	BA0ABFBB826CCC32202CBA53BDE038128D3572D6
SHA-256:	F5D1D6CDC4CABD9B8E230D82F389EEFE7E1B31CEAC58EA3B26DB35D8CE911ADA
SHA-512:	DFEBB6E4D4C51BAC61B3E19B0A250EBC2C6E8AB4B8E81820DB57E6DC71DAA493868356749D65286BD34F61D13713B79F6BCAA00AB687F5CA9BEDD3658C2ABB70
Malicious:	false
Reputation:	low
Preview:	.............I%.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	3251
Entropy (8bit):	5.584508708739781
Encrypted:	false
SSDEEP:	48:ZhiYUZGbVa7TMt8dbQ/P2bQSefgGWNrS0U9RdiN97x:uY3a7TMGdbQ/P2bQ5fgGKrS0n
MD5:	4E57E9A08DBB8647AA992B85A8400317
SHA1:	7BF1A0040D6BFBDDE7016A69991FFA1734C5548E
SHA-256:	2980C0764100C7695A17245A175C17D6322FCCEF8EC183F6D0F2B4F1FFE4C37B
SHA-512:	DD450128EB46184EFAF321AAF446BE1F74C5B351F1E1EF21F560991BF2DF3604A621B1536C62CFE9BC2854B31AEBEB3C8E8593169B7955A42AF822063C78A4CF
Malicious:	false
Reputation:	low
Preview:	....W..*.............META:https://hereforyoushop.com.(_https://hereforyoushop.com.._boomr_clss.aD.g..,.............META:https://www.google.com............._https://www.google.com..rc::a..dmx6NTNneTBramE=.Xq.................8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..3321000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2020-11-22 03:51:15.87][INFO][mr.Init] MR instance ID: a58b5fd0-9566-497f-9a4f-a79b26073991\n","[2020-11-22 03:51:15.87][INFO][mr.Init] Native Cast MRP is disabled.\n","[2020-11-22 03:51:15.87][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2020-11-22 03:51:15.87][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2020-11-22 03:51:15.87

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.150111705469564
Encrypted:	false
SSDEEP:	6:rdLVPvqM+q2PWXp+N23iKKdK8a2jMGIFUtwMdLVSJZmwyMdLVy3cMVkwOWXp+N2s:JVv+va5Kk8EFUtwcO/ycoNV5f5Kk8bJ
MD5:	B46D720EA652FDC264D5AF356493BCC9
SHA1:	985832140EBFC216296525F39481E7D50169F37C
SHA-256:	DEC9C1932B6F7D5A32A5ED24B3AC82758CAA317502FE99E2091A5F526398C739
SHA-512:	4C230D57537C2474642F1DEB02C884A5EA3993D3AE21C3579FD37B36B850934D0FBEC5DA1C09CB7EB54A6D644D9F2402EB779CFBF065D9A811B64F52A86FC19F
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:58.013 8ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2020/11/22-03:50:58.014 8ac Recovering log #3.2020/11/22-03:50:58.016 8ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.1799874931829053
Encrypted:	false
SSDEEP:	48:Trw/qALihje9kqL42WOT/Utbw/qALihje9kqL42WOT/eev:vOqAuhjspnWOuOqAuhjspnWOCev
MD5:	4E4D7700D6FEB87512EDD4E81166F988
SHA1:	FC43F169BCADF94B67A1C769D1618C271BA4656C
SHA-256:	9808BA7CE6CA5A773B385922FE5969F1B711005E8E8B56257F94F720EB90C78B
SHA-512:	832C5F026831BEFF5EEBCEF3E2CFAFAE4F00E87F46C57533A1A3D79BB8A6BBB10A5D5CF695580E433AC1D7C75B95C65622A602FE76F984327A41205E1DFA5752
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.......,......\.t.+.>...,............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	25672
Entropy (8bit):	1.0207556039546837
Encrypted:	false
SSDEEP:	48:U4q7w/qALihje9kqL42WOT/Nzqrw/qALihje9kqL42WOT/rt8:U4UOqAuhjspnWOtkOqAuhjspnWOH2
MD5:	CD42BF81C08E0FE42FEE0F1EA72DA21E
SHA1:	E43345D27DF49D30E617BAEC25F08CE9C88504E7
SHA-256:	8215B6FCE3C6501D761AA31E179291112FBF33BE6326E5FD8F03A59BF145CDB6
SHA-512:	1F5806C9441B986E5D5F015703A019F694DC74211EB766BEF64B1DF983F93DF8AB2E0C040D6BBC7DD084F9A2DDB87671D1752DC96CCFCEA8BE96FF325F35FDE2
Malicious:	false
Reputation:	low
Preview:	.............8..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.216719795845846
Encrypted:	false
SSDEEP:	6:rdL2M+q2PWXp+N23iKKdKgXz4rRIFUtwMdLPEJZmwyMdLPEcMVkwOWXp+N23iKK2:JP+va5KkgXiuFUtwcgJ/ycg9V5f5Kkgi
MD5:	2086D12D041D6A9AD709FC0FB7A0D1E6
SHA1:	A6AB87CA58BEC784BD12BF1DEE8D0202562B0513
SHA-256:	A9C5BB3E6D4A1F054C292C9A44C651034FA75B43F89E60CA32EE80B51FFCCE6F
SHA-512:	EB846DA8B49FC744140B8F8F412E8F9CDAE3F23A68D95C3DA9FC44A1C157953D608DB25DF5810323586BBC14CB3F1C1FB653133E539974F578489C2104B80762
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:58.192 6ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2020/11/22-03:50:58.193 6ac Recovering log #3.2020/11/22-03:50:58.193 6ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	0.47955088356844605
Encrypted:	false
SSDEEP:	96:vCIG+6bDdsDaBJvtHIm50I4sX/CIG+6bDdsDaBJvtHIm50I4qrl:a96EJTv4sXK96EJTv4qrl
MD5:	E4423C37EAEA1ADB66443CC3AED0C45F
SHA1:	ABC713F3BEBB02DE60E150E92E16940CEF791567
SHA-256:	CBB3B569067997DA7A0BE84063EF35AE28C9F8A9B61A5B70B35E325AF8D8ED5D
SHA-512:	C27FE1B288C35AF66F1EC513D7B2CD9500F86AF59BF90509B6C49772FE237A743B861B139545FA8518AE56790B7FA57DB2F6BBF9D60C9776A8CCCEAA17252F56
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g.....*.W.L.[......."......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	25672
Entropy (8bit):	0.6549807221419867
Encrypted:	false
SSDEEP:	96:+e8efGwhSTsCIG+6bDdsDaBJvtHIm50I4He:+e8efGCSTV96EJTv4He
MD5:	D04C7CD3CF2730189850E7C29ED1DC4D
SHA1:	2F5F54DC65847AF265E9507385C8F6C86114B314
SHA-256:	58CE5D7BBF5DB950536B5ECB2FEE581898E554DAF940D930C91777BD9A43755C
SHA-512:	B25CC039A156E9B3E16B4BA02F94DE023CE7543742C6BA8F9BD15DCB115871345FEA2A8DB5BAF2F5B70EC45D1F4E220083E0BD7D7322D2C538E87F36EB8E44F8
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.9203466466682331
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU19nMDEIopK2rx:wIElwQF8mpcS8QIElwQF8mpcSn
MD5:	DD34C8C348F77F1D6906F666C6181F4F
SHA1:	2BC89701D2128BB6699CADC9EBF2D775EA3D5A5B
SHA-256:	4A7A4B2C39082F255B6A3F49E05D0DCA4B17B548584E073F2DAA4287A20E4751
SHA-512:	7AB29F764B389DCF0178D172B1FEE98CBFC93D7DA0D2BAC985B41468C149B61F0656E8F9FBF6B7F08588B9E190152476F39D833A84FA54CE97DE84E5D9C8094E
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	46192
Entropy (8bit):	0.8138665164602086
Encrypted:	false
SSDEEP:	48:v4qkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU3zUqUIopK2Z:v4hIElwQF8mpcSzYxIElwQF8mpcSP
MD5:	C5E27E8BD3CD4A445C1CE55CF1158E09
SHA1:	8C710D700EF0D567EC3F0CB2FAF67A33CB086634
SHA-256:	D9DCEAC764981E4CDC5CBB8696F4D6C9D44D51363531B31CAF81D0B1CC4C4C55
SHA-512:	BC835B44C6DCF9602A597890A3DB81D9475534B79128DE593033FE4D13F54F6EFAF004306BD3FA5850F882B8283E4054979F81BB1C454C618A7945B597C29D3A
Malicious:	false
Reputation:	low
Preview:	............*..$........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2609
Entropy (8bit):	5.379249637793004
Encrypted:	false
SSDEEP:	24:7AtzJgvsUhBlUXk8k8JfrQ93enDenNQW3Kk+roH6KyyvfuoNHz5RLJNIk+EI9+le:7At9gO7W3KhEfTHnVUulReHeAADyMh45
MD5:	21684EB3CDF2E74225041A57E8774403
SHA1:	2093B71A21AB353ECCF1C88A305A0069B8D5110D
SHA-256:	06E08DB4D2421145E7575717D018BCC90D44A50591FFD539EEF544FA6E36277D
SHA-512:	BE796604D897FD2FCAB6650DC1C03AA280EA4FB384CBBA51DB7DE9F06F784EDD9E35F6B0476D7E3A6A23AC70364BD4122B715043E48D984EC0D03D0A511F131D
Malicious:	false
Reputation:	low
Preview:	..&f................w..i................next-map-id.1.Jnamespace-bb2f95f4_ceec_4a1f_8c33_906134883fe2-https://hereforyoushop.com/.0O.9.i................next-map-id.2.Jnamespace-5678c514_31c7_4f2a_80ed_6cd2bf90e6c8-https://hereforyoushop.com/.1. .................. .................. .....................i................next-map-id.3.Jnamespace-83a77907_504c_4c8f_a562_f3b963f06d44-https://hereforyoushop.com/.2..R.i................next-map-id.4.Jnamespace-82e889f0_9d34_418d_902b_f8716f684300-https://hereforyoushop.com/.3o..1e................next-map-id.5.Fnamespace-82e889f0_9d34_418d_902b_f8716f684300-https://www.google.com/.4o...i................next-map-id.6.Jnamespace-7d32287e_ba47_4df6_947e_dab77eeff7c8-https://hereforyoushop.com/.5....i................next-map-id.7.Jnamespace-1d9d5d4c_c362_4882_9980_b9fbf10e6125-https://hereforyoushop.com/.62...................map-4-rc::cnB.H.K.B.S.T.l.G.t.p.1.x.U.0.K.P.z.I.Y.g.r.Z.H.x.H.4.V.p.m.M.X.u.I.V.q.R.s.p.w.O.Z.Z.0.J.C.q.4.5.N.Q.e.7.x.5.g..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.1851532288886295
Encrypted:	false
SSDEEP:	6:rdLzcDM+q2PWXp+N23iKKdKrQMxIFUtwMdLzcgZmwyMdLXDMVkwOWXp+N23iKKd0:JPcDM+va5KkCFUtwcPcg/ycDDMV5f5KS
MD5:	E16B14B6D779EBC9CC73B98E07528665
SHA1:	DA843F1959127C4C53539E0B374011C940358EC9
SHA-256:	A3B8D365E0A42D42F0AEEC68303BA5AC1F8E3C77B61A22B720CF4153331BF846
SHA-512:	0CA90472A832333D3F2ACE879DAB93473D099FAE2058DFC05FB5EB33366791CC4625195D7B4E9D2D0C0A122DCD1237A7BE2E4A5910144D8834B7A7B6AE57186F
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:58.116 78c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2020/11/22-03:50:58.116 78c Recovering log #3.2020/11/22-03:50:58.117 78c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.182198596706747
Encrypted:	false
SSDEEP:	6:rD+q2PWXp+N23iKKdK7Uh2ghZIFUtwMnFA5ZmwyMnFAtVkwOWXp+N23iKKdK7Uh9:Gva5KkIhHh2FUtwyF0/yyF05f5KkIhHd
MD5:	FD6523F074A1B061C894506B02583F06
SHA1:	69AB4A1620C2CE0AC4A2047AA51174AF3E5DA7AA
SHA-256:	DEE7BCA4346F4265EA210F52DD0D2D90791E787642F71F0EB9421390E558B522
SHA-512:	BB980D7BC7B11C655F07F8ED9DBB6694769BF8E591044DBE225895D32851594CE28003B412DDE559C550DCE071D9C5261E3BBAEFCDD722F767766F47C4EF1497
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:57.936 508 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2020/11/22-03:50:57.937 508 Recovering log #3.2020/11/22-03:50:57.937 508 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\757b8612-66df-44d6-bb36-9c409cb178c4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.281523040551927
Encrypted:	false
SSDEEP:	12:JEpDM+va5KkFFUtwcEjSg/ycaESDMV5f5KkOJ:JKDda5Kkfg3T9caESD2f5KkK
MD5:	8A37871826292033A0C6AC27BEF3D454
SHA1:	3077F32182F9D7725E4F7FE8696761844D8CDD5B
SHA-256:	E82FAA1D864A61DF09F6E3FF3827A8DDB0390CECF68A498B5217B9EE60081D7A
SHA-512:	E84E18807128ADF24F0C8ECA3B9A67905748CA7043B93CB4DAE11ACA5457C1CB1412BBA559BD1456084CB2DF05E23A39245820AF2442F994639FC25EFE668BF4
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:58.147 78c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2020/11/22-03:50:58.148 78c Recovering log #3.2020/11/22-03:50:58.149 78c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.282761781736419
Encrypted:	false
SSDEEP:	6:rdL2+q2PWXp+N23iKKdKusNpqz4rRIFUtwMdL0FoZmwyMdL0F4VkwOWXp+N23iKV:J7va5KkmiuFUtwcwFo/ycwFw5f5Kkm2J
MD5:	E2BB31EE7E173E53F6702769AF0DDBDE
SHA1:	00E70A8C457D65DD47FB06B23B65906C4382AEFE
SHA-256:	D242C4893BF7B809D2B4C3F5F3BBB78C20BA1F318E1B21BC3AB6C795AEDD433B
SHA-512:	200EDEC9553025565C3D03F54F4D16BC43AFFA1DC42793DF7AC50EFCB75D191C9C277783661D722C5173B40BABFF3D9AECD104DB679AC065B96081419CB5FDE4
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:58.187 988 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2020/11/22-03:50:58.188 988 Recovering log #3.2020/11/22-03:50:58.188 988 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	415
Entropy (8bit):	5.267234946103757
Encrypted:	false
SSDEEP:	6:3239+q2PWXp+N23iKKdKusNpZQMxIFUtw8HZZmwy80HtVkwOWXp+N23iKKdKusNP:32Iva5KkMFUtw8HZ/y8c5f5KkTJ
MD5:	0C3C6A28AA1D2A3652BD0239B37DC5BE
SHA1:	D9F2A1FA82CB2C39061D55064F840D7BE225CAA7
SHA-256:	78164CEE4D635F7465E3B82A469AA3C11AE7F759C5A31E5525C33EC2A8D9C693
SHA-512:	3A8F61986D0064E15DB5B6B55421FE45C937DAC4D31DC461AFF37ED83987533B8A4370614AC29D071B129A0FE232CEC8E108D303D08CDAE04A43D0FF3678E0CC
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:14.217 c58 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2020/11/22-03:51:14.218 c58 Recovering log #3.2020/11/22-03:51:14.219 c58 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\17ac53e6-8fee-4d6e-8ab0-c4ee83ce8b99.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.161643522939232
Encrypted:	false
SSDEEP:	12:1wDM+va5KkkGHArBFUtwKpg/yoFJSDMV5f5KkkGHAryJ:iDda5KkkGgPgLp9sSD2f5KkkGga
MD5:	2CE00FF5537EDFD6CF989270E2075FD6
SHA1:	6D07AEA4216245079945FFDCC6E282371EA4C6B0
SHA-256:	BA09CEC236AC6EB227C37C77E120CED0D8341D0F85E35AADA58CFB2FB23775C2
SHA-512:	B086F61CFCA2941E8A684DA114E121E7D5DB64A23C7BF1D868B8C1BEE7C6227F326EC046D00C54693F2E034ABD09429F387D8F1539D7A12A261A01BA3500587E
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:11.213 78c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2020/11/22-03:51:11.218 78c Recovering log #3.2020/11/22-03:51:11.220 78c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.1749753446233155
Encrypted:	false
SSDEEP:	12:t4va5KkkGHArqiuFUtwtX/yy5f5KkkGHArq2J:sa5KkkGgCgL8f5KkkGg7
MD5:	B727555027D05840C45D64452A0EEED7
SHA1:	11232F69169007AF324E4EFF070A901CC9A519F9
SHA-256:	618381567100594D84C09E7436BED8BED79EBD7226FF7F5D6BA5C2A42559FF09
SHA-512:	CC16E767E2F19377E5D78FC2E74512ECE0CE9CEECCB0F97ED8E3494F372B88DC456E2A4A7E6C3CD615FCD8DE307F3B24874B4EFCE85DC5EEB3DBB7A717ABFBBD
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:11.222 c58 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2020/11/22-03:51:11.225 c58 Recovering log #3.2020/11/22-03:51:11.226 c58 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	415
Entropy (8bit):	5.164959043073052
Encrypted:	false
SSDEEP:	12:vFN+va5KkkGHArAFUtwiZ/yiNV5f5KkkGHArfJ:vF6a5KkkGgkgp0ilf5KkkGgV
MD5:	F8357E7A5580E00E501DA4CAAD97FEBE
SHA1:	168F60080326657E0B30BFF0B8DD5881707DCFD3
SHA-256:	775D823B1F7B6E6E49CE69F4E480DCBA0AC080E6F8EACDF4D600CD09D7564A2D
SHA-512:	03EA8CCA727B164622BFB65599824591A8092FCFAE17B04A4A18250E7FE10CA4CEEA192A8DDB072C7C28130883876902DE62A29812CB4FC93B8F609FC1D8BD6D
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:26.554 6ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2020/11/22-03:51:26.556 6ac Recovering log #3.2020/11/22-03:51:26.556 6ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Reputation:	low
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.2434587085106354
Encrypted:	false
SSDEEP:	6:rT+q2PWXp+N23iKKdKpIFUtwM/XZmwyM7ud3VkwOWXp+N23iKKdKa/WLJ:Ova5KkmFUtwOX/yqudF5f5KkaUJ
MD5:	F001A7F57A8962FBBF9C2FAFED06F1EF
SHA1:	6CBC888FD5673F526E0500FF70F1940FA6D020F6
SHA-256:	4FD2199B0CBE740C645FF1006E576541C8B95B6877BEE2356AEA1F62C76228F4
SHA-512:	E1081BCE73A750F4AA5151EB0C6B7AAF414A6B7B9E570F10F6FD29BBF2212E11070D154114B9291462D9BE5F5553E5FED18745218B3427591DA3BB023F9FDAA4
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:50:57.954 508 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2020/11/22-03:50:57.958 508 Recovering log #3.2020/11/22-03:50:57.959 508 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	399
Entropy (8bit):	5.317268853524887
Encrypted:	false
SSDEEP:	6:rKnN+q2PWXp+N23iKKdKks8Y5JKKhdIFUtwKJJZmwyKkNVkwOWXp+N23iKKdKksp:OnIva5KkkOrsFUtwq/y35f5KkkOrzJ
MD5:	BB247650B5414BB5865FF158A05E4340
SHA1:	ED331D29DCD23D608F7C359206B15B0E14D433B9
SHA-256:	605B82FCA216305C9BDE79924075D389FDEB9C9D25B4B9EC8E4E9607D5CBC999
SHA-512:	74A426E6B28FBD0394475706283D632A7B27E02ED4ACFD35270C9E8CD346305C2950E4287228A276AF964E18F6C1125E53072C2349A6B92DF9493542B9241CBC
Malicious:	false
Reputation:	low
Preview:	2020/11/22-03:51:15.854 c58 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2020/11/22-03:51:15.855 c58 Recovering log #3.2020/11/22-03:51:15.856 c58 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	240
Entropy (8bit):	5.943526332041939
Encrypted:	false
SSDEEP:	6:VTmANvdatui2ioZtSga/3P2PrP3XhD9qwbeO3qv:lmCon2iUSiPLxYwKUqv
MD5:	2085FA42DCC747720906DC6CF3D54AA1
SHA1:	494956C00405531B7B60E3E6302B219F4EAEC7E5
SHA-256:	24569DDA2746617287D9043DBEF701B43064296FB3FFE1C6D57DA485D4CB5ECD
SHA-512:	F5702A9AB2AE066176276D8506A51C77543DC21644A2623B2929F45566A8F7236C0BBADC0C69D1662301A8EBE6177316EF978F95192E74737652E51DF688CF6C
Malicious:	false
Reputation:	low
Preview:	....q..1bg.n.....)..`.P......moo......k.^9T.3......}..J.Y.......C..;..................l...........o1S{.\....wn..G............}......R(..~F.....V...F......y.c.y.........G.......9...k.........^-.......m...".q.....r#A.3T......(......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\adb15d0b-a6f8-4999-acb0-f2aca8aee801.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2124
Entropy (8bit):	5.6013402007227
Encrypted:	false
SSDEEP:	48:Y1bXiHdZYUA6UUhVEU0FJHdHUswUETKULqPeUer2UefWwUXUe9US:aXMdeUpUUEU0bdHURU8KUePeU9UETUXp
MD5:	F8F82640B0B63D9DE88A0C8E28C4F68D
SHA1:	6F78065D2B96AE827A508421915D5870F7FF9435
SHA-256:	7E627A54B7F22A53EA035719B0109CDEDD22DD55EDB78FFB749DB9349960047C
SHA-512:	FA41A488796A191FC986F1D3D878004E9D7208C40FCB2A9F58A904B34D4FE84059496F0337644EA83F335DB0E7BB6947AF4E5E75F12001AF7DB37E42C0FF4E9F
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[{"expect_ct_enforce":false,"expect_ct_expiry":1606650722.788713,"expect_ct_observed":1606045922.788713,"expect_ct_report_uri":"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct","host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","nik":[]}],"sts":[{"expiry":1637581922.45696,"host":"HFBiDP29QImD8tsB7lDVLwtFW1q+2JoXdNXZBg4nogg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045922.456964},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1637581922.78223,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045922.782234},{"expiry":1613935160.788706,"host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606045922.788708},{"expiry":1637581919.772886,"host":"WhnJUA5xp3SC0QTjQcML3oDw

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ca932e2c-23e4-4714-8052-8216e9707af2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2125
Entropy (8bit):	5.5959283030938005
Encrypted:	false
SSDEEP:	48:Y1bZDiHdZEUV6UUhpEUcHdHUDKjwUjKULqPeUer2UefWwUXUe9hUU:aFMd6U8UUcUqdHUmMUjKUePeU9UETUX9
MD5:	6E80621145BF48FB358D80A31DC01BD3
SHA1:	D4A24309CF1AC245825742D090CB9FA2D2D299F9
SHA-256:	DBF462D302FE4D1E2E8BB6151DDABEA1115642BD32DACFD3CE98F46F54DBD647
SHA-512:	3A5231883DB6405BBE116336BBA8C743D3285E41AB7D872D431C33A9C94D59F8E0BD1E564F317B268A40B37C796DA0F752A254DA52B8A5D2EA67750CECD61720
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[{"expect_ct_enforce":false,"expect_ct_expiry":1606650702.945719,"expect_ct_observed":1606045902.945719,"expect_ct_report_uri":"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct","host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","nik":[]}],"sts":[{"expiry":1637581900.905781,"host":"HFBiDP29QImD8tsB7lDVLwtFW1q+2JoXdNXZBg4nogg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045900.905784},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1637581900.806372,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606045900.806376},{"expiry":1613935140.945707,"host":"T5AcgYcH9l2Z1a3JL5NWYpr+A+aKlk8e2eQ5R4y8JaE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606045902.94571},{"expiry":1637581903.462142,"host":"WhnJUA5xp3SC0QTjQcML3oD

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000004.

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2020 03:51:00.871861935 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:00.872662067 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:00.888325930 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.888464928 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:00.889014959 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.903785944 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:00.906245947 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:00.907040119 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:00.922667980 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.923331976 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.927050114 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.927073956 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.927156925 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:00.927969933 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.927998066 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:00.928152084 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.088634968 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.089246035 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.090953112 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.091129065 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.092775106 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.313684940 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.316381931 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.618777990 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:01.618839979 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:02.221522093 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:02.221558094 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.071841955 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.071963072 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.071976900 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.071989059 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072108030 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072155952 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072169065 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072176933 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072302103 CET	49726	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.072427034 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072519064 CET	443	49726	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072647095 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.072770119 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.073312044 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.089801073 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216243029 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216275930 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216312885 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216337919 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216348886 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.216376066 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216403961 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.216423988 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216454983 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216485023 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.216490984 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216528893 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216566086 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216593027 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216629982 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216644049 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.216662884 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.216733932 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.216742992 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.226252079 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226288080 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226330042 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226330996 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.226366997 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226387024 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.226397991 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226434946 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226454020 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.226470947 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226510048 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226524115 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.226536989 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226583004 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226588964 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.226625919 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226653099 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.226679087 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.227600098 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.227680922 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.227706909 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.227744102 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.227791071 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.227799892 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.227821112 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.227857113 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.227878094 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:03.227890015 CET	443	49725	23.227.38.65	192.168.2.3
Nov 22, 2020 03:51:03.227940083 CET	49725	443	192.168.2.3	23.227.38.65
Nov 22, 2020 03:51:04.285727024 CET	49746	443	192.168.2.3	35.185.69.233
Nov 22, 2020 03:51:04.293427944 CET	49747	443	192.168.2.3	35.185.69.233
Nov 22, 2020 03:51:04.297224998 CET	49748	443	192.168.2.3	35.185.69.233
Nov 22, 2020 03:51:04.301951885 CET	49749	443	192.168.2.3	35.185.69.233
Nov 22, 2020 03:51:04.305473089 CET	49750	443	192.168.2.3	185.60.216.19
Nov 22, 2020 03:51:04.322101116 CET	443	49750	185.60.216.19	192.168.2.3
Nov 22, 2020 03:51:04.322290897 CET	49750	443	192.168.2.3	185.60.216.19
Nov 22, 2020 03:51:04.322449923 CET	49750	443	192.168.2.3	185.60.216.19
Nov 22, 2020 03:51:04.338886023 CET	443	49750	185.60.216.19	192.168.2.3
Nov 22, 2020 03:51:04.339494944 CET	443	49750	185.60.216.19	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2020 03:50:54.123845100 CET	53195	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:50:54.159751892 CET	53	53195	8.8.8.8	192.168.2.3
Nov 22, 2020 03:50:55.399003983 CET	50141	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:50:55.426323891 CET	53	50141	8.8.8.8	192.168.2.3
Nov 22, 2020 03:50:56.766448021 CET	53023	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:50:56.804260015 CET	53	53023	8.8.8.8	192.168.2.3
Nov 22, 2020 03:50:57.710494041 CET	49563	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:50:57.746298075 CET	53	49563	8.8.8.8	192.168.2.3
Nov 22, 2020 03:50:59.110172033 CET	51352	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:50:59.137510061 CET	53	51352	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:00.497879028 CET	58823	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:00.525032997 CET	53	58823	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:00.808986902 CET	57568	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:00.816483021 CET	50540	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:00.823604107 CET	54366	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:00.824809074 CET	53034	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:00.852483988 CET	53	57568	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:00.860137939 CET	53	50540	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:00.867681980 CET	53	54366	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:00.870913029 CET	53	53034	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:01.160064936 CET	57762	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:02.160619020 CET	57762	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:02.665169954 CET	50713	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:03.091357946 CET	53	57762	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:03.091610909 CET	53	50713	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:03.091655970 CET	56132	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:03.093272924 CET	53	57762	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:03.134955883 CET	53	56132	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:03.204333067 CET	58987	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:03.247423887 CET	53	58987	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:03.291222095 CET	56579	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:03.294513941 CET	60633	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:03.328443050 CET	53	56579	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:03.329843998 CET	53	60633	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:03.483350992 CET	61292	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:03.510334015 CET	53	61292	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:04.014174938 CET	63619	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:04.049756050 CET	53	63619	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:04.120042086 CET	64938	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:04.163924932 CET	53	64938	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:04.263333082 CET	61946	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:04.263392925 CET	64910	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:04.300681114 CET	53	64910	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:04.301878929 CET	53	61946	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:04.463423014 CET	52123	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:04.502764940 CET	53	52123	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:04.517299891 CET	56130	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:04.552943945 CET	53	56130	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:04.793066025 CET	56338	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:04.832989931 CET	53	56338	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:05.008367062 CET	59420	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:05.048350096 CET	53	59420	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:05.702831030 CET	55708	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:05.738452911 CET	53	55708	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:06.733381987 CET	56803	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:06.760451078 CET	53	56803	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:07.506639004 CET	57145	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:07.542382956 CET	53	57145	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:11.285548925 CET	49361	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:11.329598904 CET	53	49361	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:16.282207012 CET	63150	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:16.326236010 CET	53	63150	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:18.004467964 CET	53279	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:18.060739994 CET	53	53279	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:18.264220953 CET	56881	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:18.299947023 CET	53	56881	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:18.568053007 CET	53642	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:18.605452061 CET	53	53642	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:27.230169058 CET	55667	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:27.267561913 CET	53	55667	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:29.473234892 CET	54833	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:29.500588894 CET	53	54833	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:34.665478945 CET	62476	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:34.703038931 CET	53	62476	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:42.905239105 CET	61477	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:42.932420969 CET	53	61477	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:44.002190113 CET	61633	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:44.029278994 CET	53	61633	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:58.782092094 CET	55949	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:58.825881004 CET	53	55949	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:59.052094936 CET	49342	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:59.096843958 CET	53	49342	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:59.162720919 CET	56253	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:59.207012892 CET	53	56253	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:59.259741068 CET	49667	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:59.297601938 CET	53	49667	8.8.8.8	192.168.2.3
Nov 22, 2020 03:51:59.663115978 CET	55439	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:51:59.698910952 CET	53	55439	8.8.8.8	192.168.2.3
Nov 22, 2020 03:52:01.948326111 CET	57069	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:52:01.986423016 CET	53	57069	8.8.8.8	192.168.2.3
Nov 22, 2020 03:52:05.479089022 CET	57659	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:52:05.479649067 CET	54717	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:52:05.479681015 CET	63975	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:52:05.514889002 CET	53	57659	8.8.8.8	192.168.2.3
Nov 22, 2020 03:52:05.516957045 CET	53	54717	8.8.8.8	192.168.2.3
Nov 22, 2020 03:52:05.536056042 CET	53	63975	8.8.8.8	192.168.2.3
Nov 22, 2020 03:52:06.544200897 CET	56639	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:52:06.582926989 CET	53	56639	8.8.8.8	192.168.2.3
Nov 22, 2020 03:52:08.832063913 CET	51856	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:52:08.875437975 CET	53	51856	8.8.8.8	192.168.2.3
Nov 22, 2020 03:52:11.868434906 CET	56546	53	192.168.2.3	8.8.8.8
Nov 22, 2020 03:52:11.905935049 CET	53	56546	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 22, 2020 03:51:00.824809074 CET	192.168.2.3	8.8.8.8	0xdbc2	Standard query (0)	hereforyoushop.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:03.291222095 CET	192.168.2.3	8.8.8.8	0x8908	Standard query (0)	cdn.shopify.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.014174938 CET	192.168.2.3	8.8.8.8	0x4b6b	Standard query (0)	monorail-edge.shopifysvc.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.263333082 CET	192.168.2.3	8.8.8.8	0xb759	Standard query (0)	s.pinimg.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.263392925 CET	192.168.2.3	8.8.8.8	0x8ae	Standard query (0)	connect.facebook.net	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.463423014 CET	192.168.2.3	8.8.8.8	0x534f	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.793066025 CET	192.168.2.3	8.8.8.8	0xd6f9	Standard query (0)	ct.pinterest.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.008367062 CET	192.168.2.3	8.8.8.8	0xea19	Standard query (0)	sellup.herokuapp.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:11.285548925 CET	192.168.2.3	8.8.8.8	0xd51d	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:18.004467964 CET	192.168.2.3	8.8.8.8	0xe603	Standard query (0)	www.recaptcha.net	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:34.665478945 CET	192.168.2.3	8.8.8.8	0x988e	Standard query (0)	cdn.shopify.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:01.948326111 CET	192.168.2.3	8.8.8.8	0x29c2	Standard query (0)	hereforyoushop.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:05.479649067 CET	192.168.2.3	8.8.8.8	0x2dbb	Standard query (0)	cdn.shopify.com	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:06.544200897 CET	192.168.2.3	8.8.8.8	0xa90b	Standard query (0)	monorail-edge.shopifysvc.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 22, 2020 03:51:00.870913029 CET	8.8.8.8	192.168.2.3	0xdbc2	No error (0)	hereforyoushop.com		23.227.38.65	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:03.328443050 CET	8.8.8.8	192.168.2.3	0x8908	No error (0)	cdn.shopify.com	cdn.tm.shopifysvc.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:03.328443050 CET	8.8.8.8	192.168.2.3	0x8908	No error (0)	cdn.tm.shopifysvc.com	cdn.shopify.com-v3.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.049756050 CET	8.8.8.8	192.168.2.3	0x4b6b	No error (0)	monorail-edge.shopifysvc.com	monorail-edge.tm.shopifysvc.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.049756050 CET	8.8.8.8	192.168.2.3	0x4b6b	No error (0)	monorail-edge.tm.shopifysvc.com	monorail-edge.shopifycloud.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.049756050 CET	8.8.8.8	192.168.2.3	0x4b6b	No error (0)	monorail-edge.shopifycloud.com	monorail-production-web-apps-a-us-east1-2.shopifycloud.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.049756050 CET	8.8.8.8	192.168.2.3	0x4b6b	No error (0)	monorail-production-web-apps-a-us-east1-2.shopifycloud.com		35.185.69.233	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.300681114 CET	8.8.8.8	192.168.2.3	0x8ae	No error (0)	connect.facebook.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.300681114 CET	8.8.8.8	192.168.2.3	0x8ae	No error (0)	scontent.xx.fbcdn.net		185.60.216.19	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.301878929 CET	8.8.8.8	192.168.2.3	0xb759	No error (0)	s.pinimg.com	s-pinimg-com.gslb.pinterest.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.301878929 CET	8.8.8.8	192.168.2.3	0xb759	No error (0)	s-pinimg-com.gslb.pinterest.com	2-01-37d2-0006.cdx.cedexis.net		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.502764940 CET	8.8.8.8	192.168.2.3	0x534f	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.502764940 CET	8.8.8.8	192.168.2.3	0x534f	No error (0)	star-mini.c10r.facebook.com		185.60.216.35	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.832989931 CET	8.8.8.8	192.168.2.3	0xd6f9	No error (0)	ct.pinterest.com	www.pinterest.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.832989931 CET	8.8.8.8	192.168.2.3	0xd6f9	No error (0)	www.pinterest.com	www.pinterest.com.gslb.pinterest.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.832989931 CET	8.8.8.8	192.168.2.3	0xd6f9	No error (0)	www.pinterest.com.gslb.pinterest.com	2-01-37d2-0018.cdx.cedexis.net		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:04.832989931 CET	8.8.8.8	192.168.2.3	0xd6f9	No error (0)	prod.pinterest.global.map.fastly.net		151.101.0.84	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.832989931 CET	8.8.8.8	192.168.2.3	0xd6f9	No error (0)	prod.pinterest.global.map.fastly.net		151.101.64.84	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.832989931 CET	8.8.8.8	192.168.2.3	0xd6f9	No error (0)	prod.pinterest.global.map.fastly.net		151.101.128.84	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:04.832989931 CET	8.8.8.8	192.168.2.3	0xd6f9	No error (0)	prod.pinterest.global.map.fastly.net		151.101.192.84	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		52.72.160.125	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		3.212.157.234	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		52.73.228.252	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		52.200.37.44	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		3.222.91.89	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		52.71.62.236	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		34.199.176.68	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:05.048350096 CET	8.8.8.8	192.168.2.3	0xea19	No error (0)	sellup.herokuapp.com		3.210.62.191	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:11.329598904 CET	8.8.8.8	192.168.2.3	0xd51d	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:11.329598904 CET	8.8.8.8	192.168.2.3	0xd51d	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.193	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:18.060739994 CET	8.8.8.8	192.168.2.3	0xe603	No error (0)	www.recaptcha.net		142.250.74.195	A (IP address)	IN (0x0001)
Nov 22, 2020 03:51:34.703038931 CET	8.8.8.8	192.168.2.3	0x988e	No error (0)	cdn.shopify.com	cdn.tm.shopifysvc.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:51:34.703038931 CET	8.8.8.8	192.168.2.3	0x988e	No error (0)	cdn.tm.shopifysvc.com	cdn.shopify.com-v3.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:52:01.986423016 CET	8.8.8.8	192.168.2.3	0x29c2	No error (0)	hereforyoushop.com		23.227.38.65	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:05.516957045 CET	8.8.8.8	192.168.2.3	0x2dbb	No error (0)	cdn.shopify.com	cdn.tm.shopifysvc.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:52:05.516957045 CET	8.8.8.8	192.168.2.3	0x2dbb	No error (0)	cdn.tm.shopifysvc.com	tls13.shopify.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:52:05.516957045 CET	8.8.8.8	192.168.2.3	0x2dbb	No error (0)	tls13.shopify.map.fastly.net		151.101.1.12	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:05.516957045 CET	8.8.8.8	192.168.2.3	0x2dbb	No error (0)	tls13.shopify.map.fastly.net		151.101.65.12	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:05.516957045 CET	8.8.8.8	192.168.2.3	0x2dbb	No error (0)	tls13.shopify.map.fastly.net		151.101.129.12	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:05.516957045 CET	8.8.8.8	192.168.2.3	0x2dbb	No error (0)	tls13.shopify.map.fastly.net		151.101.193.12	A (IP address)	IN (0x0001)
Nov 22, 2020 03:52:06.582926989 CET	8.8.8.8	192.168.2.3	0xa90b	No error (0)	monorail-edge.shopifysvc.com	monorail-edge.tm.shopifysvc.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:52:06.582926989 CET	8.8.8.8	192.168.2.3	0xa90b	No error (0)	monorail-edge.tm.shopifysvc.com	monorail-edge.shopifycloud.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:52:06.582926989 CET	8.8.8.8	192.168.2.3	0xa90b	No error (0)	monorail-edge.shopifycloud.com	monorail-production-web-apps-a-us-east1-2.shopifycloud.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2020 03:52:06.582926989 CET	8.8.8.8	192.168.2.3	0xa90b	No error (0)	monorail-production-web-apps-a-us-east1-2.shopifycloud.com		35.185.69.233	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 22, 2020 03:51:04.875298977 CET	151.101.0.84	443	192.168.2.3	49754	CN=*.pinterest.com, O="Pinterest, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 16 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 04 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:04.875298977 CET	151.101.0.84	443	192.168.2.3	49754	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:04.875794888 CET	151.101.0.84	443	192.168.2.3	49755	CN=*.pinterest.com, O="Pinterest, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 16 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 04 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:04.875794888 CET	151.101.0.84	443	192.168.2.3	49755	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:04.875983953 CET	151.101.0.84	443	192.168.2.3	49756	CN=*.pinterest.com, O="Pinterest, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 16 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 04 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:04.875983953 CET	151.101.0.84	443	192.168.2.3	49756	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:05.018979073 CET	151.101.0.84	443	192.168.2.3	49757	CN=*.pinterest.com, O="Pinterest, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 16 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 04 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:05.018979073 CET	151.101.0.84	443	192.168.2.3	49757	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		b32309a26951912be7dba376398abc3b
Nov 22, 2020 03:51:05.257493973 CET	52.72.160.125	443	192.168.2.3	49759	CN=*.herokuapp.com, O="Heroku, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 15 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013 Fri Nov 10 01:00:00 CET 2006	Wed Jul 07 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028 Mon Nov 10 01:00:00 CET 2031	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028
					CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Nov 22, 2020 03:51:05.258423090 CET	52.72.160.125	443	192.168.2.3	49760	CN=*.herokuapp.com, O="Heroku, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 15 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013 Fri Nov 10 01:00:00 CET 2006	Wed Jul 07 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028 Mon Nov 10 01:00:00 CET 2031	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028
					CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Nov 22, 2020 03:51:24.488399982 CET	52.72.160.125	443	192.168.2.3	49808	CN=*.herokuapp.com, O="Heroku, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 15 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013 Fri Nov 10 01:00:00 CET 2006	Wed Jul 07 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028 Mon Nov 10 01:00:00 CET 2031	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028
					CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 5296 Parent PID: 996

General

Start time:	03:50:57
Start date:	22/11/2020
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://hereforyoushop.com/'
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: chrome.exe PID: 5768 Parent PID: 5296

General

Start time:	03:50:58
Start date:	22/11/2020
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,3476142158133594979,17999344869319396226,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://hereforyoushop.com/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Phishing:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 5296 Parent PID: 996

General

Analysis Process: chrome.exe PID: 5768 Parent PID: 5296

General

Disassembly