Edit tour

Windows Analysis Report
https://flibusta.is

Overview

General Information

Sample URL:	https://flibusta.is
Analysis ID:	1328307

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

HTML title does not match URL

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Submit button contains javascript call

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://flibusta.is/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2008,i,3880477504517326475,17750741250645564435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://flibusta.is/

HTTP Parser: Title: | does not match URL

Source: https://flibusta.is/	HTTP Parser: On click: onKnapsackList()
Source: https://flibusta.is/	HTTP Parser: On click: onKnapsackClear()

Source: https://flibusta.is/

HTTP Parser: <input type="password" .../> found

Source: https://flibusta.is/

HTTP Parser: No <meta name="author".. found

Source: https://flibusta.is/

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49773 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49779 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 13MB later: 27MB

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49773 version: TLS 1.0

Source: unknown

DNS traffic detected: queries for: flibusta.is

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.214
Source: unknown	TCP traffic detected without corresponding DNS query: 8.252.109.126
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49779 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6540_426949699

Source: classification engine

Classification label: clean2.win@15/61@12/107

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://flibusta.is/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2008,i,3880477504517326475,17750741250645564435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2008,i,3880477504517326475,17750741250645564435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scripting	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Extra Window Memory Injection	1 Scripting	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://flibusta.is	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.251.2.84	true	false	high
www.google.com	142.251.2.103	true	false	high
clients.l.google.com	142.251.2.113	true	false	high
flibusta.is	179.43.150.83	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://flibusta.is/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.2.103	www.google.com	United States	15169	GOOGLEUS	false
142.251.2.113	clients.l.google.com	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.137.95	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.2.139	unknown	United States	15169	GOOGLEUS	false
142.251.2.84	accounts.google.com	United States	15169	GOOGLEUS	false
179.43.150.83	flibusta.is	Panama	51852	PLI-ASCH	false
142.251.2.94	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1328307
Start date and time:	2023-10-18 20:51:10 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://flibusta.is
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@15/61@12/107

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.251.2.94, 34.104.35.123, 74.125.137.95, 142.251.2.95
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, content-autofill.googleapis.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://flibusta.is

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 17:51:41 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.97414722029057
Encrypted:	false
SSDEEP:
MD5:	9E87C5A227F27351D711248715489C94
SHA1:	503CF032B4036B3F073AB7E5E82BFD49E824F855
SHA-256:	92C51AF07FAEAFC0E58308B6AB0DEEF9E54F4FA1BD2FFE9DD09C085C1E9B8E37
SHA-512:	63B50032492AA22F3D2A773ACB5D244A2B556CCC8620740D941B6106BF12DB9930E6260751EBE3668AFF5C465F053498EA3FD9443A927A49FC8981551AE8E739
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....9.."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRWl.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRWt.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRWt.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRWt............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRWu............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........DEx+.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 17:51:41 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9888935570288107
Encrypted:	false
SSDEEP:
MD5:	8AF56CB7D33C6D3593E3351E62899418
SHA1:	AF9C649CC03560E33F87DF4ABA9F59EF22F8B1C3
SHA-256:	4DD1DFBC7D5897DAEF69310C657E1650C9726CAFBED50915583E2311E38D04FB
SHA-512:	019413048DB7B2DE2677101A08E86AAEB69E2BCF5D072CDF2C0A1C6950026BAB7913A2E0FDE576F40148D2EF4B4E5F5D180372727BC2DC2600FA35E9B22CD963
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Qm."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRWl.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRWt.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRWt.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRWt............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRWu............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........DEx+.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	3.998284887774174
Encrypted:	false
SSDEEP:
MD5:	29CF6B92C13F73D985920C0263634250
SHA1:	581446F70C6CBEAA14E855AFFB04FC1F6F21B9BB
SHA-256:	4F22994D35454DBE82FDD0D7D12A7B0DA4313E167C1D1FBFAEC7AF7EFA882172
SHA-512:	ED672343EC9A58CF149D84D9EF6B8B9134BC439CC0187B3A014C0794901B0437BF285FE766178FFE2E339258F5CF058BD4BB659E47799DE7A007023B77304370
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRWl.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRWt.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRWt.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRWt............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........DEx+.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 17:51:41 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.987475112795481
Encrypted:	false
SSDEEP:
MD5:	B484639F36D0D9B4A881EEB27AF67286
SHA1:	3AF045E73669D2B4508C73A23987BA4FEB90F9BD
SHA-256:	0D790E3244BFB00092D5FF83E9CA1186CB65811843543A51141925AB1ADC15BB
SHA-512:	4DF1C254C0A6AC9C83708C4CB7817E88FC83FBB1FCFA77368986234AF57F76523EDD7F7D4778E4D253E8A5C387AC43C6E2A08DE13756257DD89CCD4374095351
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....7.."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRWl.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRWt.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRWt.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRWt............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRWu............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........DEx+.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 17:51:41 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9746200434684567
Encrypted:	false
SSDEEP:
MD5:	F63476021E178E49E503675463E03369
SHA1:	0F5CDC6A423B99477C29F02C836B15747B03BC7E
SHA-256:	5F84999076864642F8B0C18300D224A66B45F9A45376CE241B0610828FB1386A
SHA-512:	C8A7BE3E99722F95B10CD3313A5E936618791F9DA8C343F0914550C5718233DDEC763BC8470EEA92E348792D74E3916C705B482069FBE9C096F4D32EFD06604D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....h(."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRWl.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRWt.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRWt.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRWt............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRWu............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........DEx+.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 17:51:41 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9881355701005203
Encrypted:	false
SSDEEP:
MD5:	388E1F98842022AD3E3D5821BCBE45D3
SHA1:	4BC84CD21CD8C0BB2E8EEEDB53140F10590CB71C
SHA-256:	702E83EC4D79BEF1E225F99E9208BD0214F6524B277C500ECE48D5913440E814
SHA-512:	303A37516D611D1707C266CD23E0959CB87CA0F7EFD27ADEFBA39A56A285D9D78E15261CF148318A50656981E0C7D1D02364C51CF145053C5A2DD06A6D02819A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......!....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRWl.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRWt.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRWt.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRWt............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRWu............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........DEx+.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	68
Entropy (8bit):	4.829391149755713
Encrypted:	false
SSDEEP:
MD5:	735809F4AB01EE8D8103D9B6F170979C
SHA1:	6C6F3E097935C13456026C2ED8E861D64EC706E0
SHA-256:	11507BCE47E68F88EB1C7FB2C94A62C0053A3F0FBAACDD51512C2BD2CC5F7EEB
SHA-512:	0835A0BF50754912FC9B23F380A12361A9D8ED6A00F281D6818EC682931B9DB971B845F9A18507074E7F6A367729F4664F7228C64CFA76B74A063A2EAE87D41D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAklvIggwJArghIFDRgBEG0SHgmy-KqrTqPk0RIFDaVS4OQSBQ2UVPrPEgUNxZPEJA==?alt=proto
Preview:	CgkKBw0YARBtGgAKJQoHDaVS4OQaAAoNDZRU+s8aBAhWGAIgAQoLDcWTxCQaBAhLGAI=

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	dropped
Size (bytes):	176
Entropy (8bit):	5.4382213206481
Encrypted:	false
SSDEEP:
MD5:	425D448FD84B9F7B0ADC3230CFAB9C98
SHA1:	4B836BEC12A855356BAFAB7F5F9548D8A981C2E0
SHA-256:	B4E545D7AF5622814EF6DA2F4ACA4F1CE46077BB9C1641761C2398EAF661D8C9
SHA-512:	7AA3135171A1A324455D3B90994150B5D964DCA94213260A87F26FED35F0FECC03D4A1C2A946B449F26556E48D7C377D60B50B1786410D2C36E6B3D7A9836C97
Malicious:	false
Reputation:	low
Preview:	GIF89a....................................................................................................!.......,..........-.%NbY..B..U1.1.n%..R.U.!......{.DcW..f.....UC.;

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (949), with CRLF, CR, LF line terminators
Category:	downloaded
Size (bytes):	48976
Entropy (8bit):	5.484068670053558
Encrypted:	false
SSDEEP:
MD5:	8D4E1EA2024E2561125BD32FE5E8BEF6
SHA1:	68F63BEE10DEB4BE6FBAB3CFC23D00B334E98C15
SHA-256:	B207B49176653CA00DD73FEA0FBC785BA50034D0C4D20FAA455390509D4A80CB
SHA-512:	0ED05E667360FDDFB00886D3D1B96A40994577A84D9C9C1E79093FC2116AD5B55082F5F7683EF7582310D1E497781765C6E2E0C753717FE7614CF875C4752ABE
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" lang="ru" xml:lang="ru">..<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>........ \| ....... ........</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<link href="/opds" type="application/atom+xml;profile=opds-catalog" rel="related" />.<link rel="alternate" type="application/rss+xml" title="........ RSS" href="http://flibusta.is/rss.xml" />.<link rel="shortcut icon" href="/sites/default/files/bluebreeze_favicon.ico" type="image/x-icon" />.<link rel="apple-touch-icon" href="/sites/default/files/bluebreeze_favicon.ico"/>.<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="..... .... .. ........" />. <link type="text/css" rel="stylesheet" media="all" href="/sites/default/files/cs

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12297)
Category:	downloaded
Size (bytes):	25949
Entropy (8bit):	5.1012000004408335
Encrypted:	false
SSDEEP:
MD5:	B67AF275AE904669EF9E6EA8468EECE2
SHA1:	C38330C1CC4FC93FB2D3ABEF964DB2845205C93E
SHA-256:	361840FBEE3B0726B5F0F5BBFE37E13BDAB8C3C873D643A45B56C5E37C8D2A86
SHA-512:	D96129006CE245B7356042CD1184C3A428B00824052FBB7B4298D5B9892F705C6E8721C47DA3CA2DC011A9B20099092C247A5CE8988253E18E53841A619BC928
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/css/css_541b6da58ae4dff17f932324504056f9.css
Preview:	.ctools-locked{color:red;border:1px solid red;padding:1em;}.ctools-owns-lock{background:#FFFFDD none repeat scroll 0 0;border:1px solid #F0C020;padding:1em;}a.ctools-ajaxing,input.ctools-ajaxing,button.ctools-ajaxing,select.ctools-ajaxing{padding-right:18px !important;background:url(/modules/ctools/images/status-active.gif) right center no-repeat;}div.ctools-ajaxing{float:left;width:18px;background:url(/modules/ctools/images/status-active.gif) center center no-repeat;}.input.button{border:solid #d1dbec;background-color:#fbfcfe;}.genre{color:#6C7A8D;}p.genre{margin-bottom:0pt;}a.genre{margin-bottom:0pt;margin-top:0pt;font-size:90%;}.h8{color:#00008B;margin-top:4pt;font-size:90%;}.size{color:#bbbbbb;}#sidebar-right{word-wrap:break-word;overflow:hidden;}.sidebar .collapser{float:left;position:relative;cursor:pointer;color:#A7A7A7;display:inline;font:normal normal normal 9px/10px 'Courier New','Lucida Console','BatangChe',monospace;margin:10px -8px 8px 4px;}.sidebar .collapser .selected{co

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	217
Entropy (8bit):	5.998781978777057
Encrypted:	false
SSDEEP:
MD5:	8D9BF08FD425987D3F57E2398268D592
SHA1:	E6A9EDCDE4841614FDC478A66F15FB5B8DE52DDD
SHA-256:	D9C38AE14826741460E5075D62C883671E6D3CE12FDFAF8C0398B9CDE962DDBD
SHA-512:	5D74A6946636691B1C4EFE59EA3443CE115E1ACD5CC9762B4273ED1E8B6E3377C82784A7EF4273581C068C8DAADB8FDAFD2EBA8DC07ED4F07F26A1ACC2071AE8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............a.......gAMA.....OX2....tEXtSoftware.Adobe ImageReadyq.e<....PLTE...eee.........).......tRNS........S...?IDATx.\.A..0....o^...:...H..J.@\j..y.4Y.d,.o..^...;EF..-.<...Nc..........IEND.B`.

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
Category:	downloaded
Size (bytes):	7406
Entropy (8bit):	5.676304812582012
Encrypted:	false
SSDEEP:
MD5:	E53FF87AC4FE1B1B7B1185CEB748E605
SHA1:	E4F56E2213B9F4C3CFEDD6307ADE955DD4C400AD
SHA-256:	2ACABE7AF8813C05542CE5CE3C0C61249E63C7D890A88890E1D6A4F6DC2783E2
SHA-512:	E6B00D811E265242CF770E31691C4A2F1A3E72298041A2BFA19EBC2BA314D7FB6684EDA427053BDC2B033B753773335D532C31725E2FB2447E5C6C63A12BCC09
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/bluebreeze_favicon.ico
Preview:	......00..........6... ......................h.......(...0...`..............................................................................................""".))).UUU.MMM.BBB.999..\|..PP........................3...f..........3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f..............f.........3...3.3.3.f.3...3...3...33..333.33f.33..33..33..3f..3f3.3ff.3f..3f..3f..3...3.3.3.f.3...3...3...3...3.3.3.f.3..3...3...3.3.3.f.3...3...3...f...f.3.f.f.f...f...f...f3..f33.f3f.f3..f3..f3..ff..ff3.fff.ff..ff..f...f.3.f.f.f...f...f...f...f.3.f..f...f...f...f.3.f...f................3...............33...f..3.......f...f3..3f..f...f...3....3...f...................3.f.f..................3...f...................3...f..........3...33..3f..3...3...3...f...f3..ff..f...f...f......3..f................3...f..................3...f...............3...f......3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f..............3...f.......

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 106 x 102, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13172
Entropy (8bit):	7.971202819194302
Encrypted:	false
SSDEEP:
MD5:	E779897B41DF9C713A2D36858E0C8D37
SHA1:	4DE0763596E25801B927951527560B7ED7DF7448
SHA-256:	6EBB99F44B593382DE6CFBF5A66E1E4EB5F56C4061DCBB889C4E741BDA853CB3
SHA-512:	518F18514DFE26D6E8E637A14A7AC432F1BA08EF9B2F2E4D97E7F165A84432B78274F4AF01F411810ADDC004EECC384C8645F27FF6B3FAD9709010ACBFC448B1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...j...f.....#.......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	downloaded
Size (bytes):	183
Entropy (8bit):	5.411126887133346
Encrypted:	false
SSDEEP:
MD5:	25894D2FAC9193BA2FE70F477ABE8C8C
SHA1:	F03B5D96A042F3CCC1D7A71E254E6F7EEC2EA2FE
SHA-256:	AA76185F417CF85D7029B35E3A6544D4495402E17F76A32633B5BA80A81FAA26
SHA-512:	0FAE41D431111D84F26134A4152885BD7CC6C471731A183FCAD0A7D8E66466BB8CF43EE95BEFF35542F2B76859C4C86A7DB1E50542FBBC88F485BF4E7D0FDCE4
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/menu-expanded.gif
Preview:	GIF89a......................................................................................................!.......,..........4 %.di...J.@-O1.S.,..S2...d.i.F...A .....Pb(....p ...;

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32132)
Category:	downloaded
Size (bytes):	130013
Entropy (8bit):	5.4582341653809525
Encrypted:	false
SSDEEP:
MD5:	D7E26AE24FF4473FB85A30FE803647ED
SHA1:	AA02BBDDCA0CF04EB43863EC57C1CC5CDFEA62BA
SHA-256:	FCA8FF51021749135F2CC6BA7A37015BAA645DE15908D1D318A1E376A3D376DE
SHA-512:	4DFD44CD3990E59094A0D749CE552ABA5453C2ECAFC53590C72631798B2DDC78FB97D722F00364A5B6437719690A48EA5E2B17D2AC44E71336F7A900A755DD8F
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/js/js_65bd89c41ff1e065c43cc27e23c28553.js
Preview:	/! jQuery v1.9.0 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license /(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n\|\|"function"!==n&&(0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)\|\|[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i\|\|c[f].data)\|\|!u\|\|r!==t)return f\|\|(l?e[s]=f=K.pop()\|\|st.guid++:f=s),c[f]\|\|(c[f]={},l\|\|(c[f].toJSON=st.noop)),("object"==typeof n\|\|"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i\|\|(o.data\|\|(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9786
Entropy (8bit):	7.975290462968955
Encrypted:	false
SSDEEP:
MD5:	4C4B624CFB5859215773EABFF0FF5A4E
SHA1:	198A4AC76FAC91BA60108BB0D74F785B34AEAA78
SHA-256:	21DF33FEC94D7AEB3A5EEA73AF3F7400D4490AC3600E815B3FD4F7E140293C48
SHA-512:	253753221A601DF50707648DE1CC86A4330F1DDD46199E4DD70C5891BD42460986DC832DA0BAD06505C4DAAF112B719ED747407C26700AF133CF7D406BE43547
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/pictures/picture-2215.png
Preview:	.PNG........IHDR...<...U.............pHYs..........+.... .IDATx..wtUU.....W.{....;....."EQ.....u,..m.cgDA...3J......;.!.........r.=.././//........}.....{.}..>.@...u[ .l1...u....u0......P...B4.j........mM.t......@.W.....r.\..."..1..u.q.s]._.wM..^..`.\......~0M8.N4......_.....h....._...........cde.FUU.^..+.5.@i..........7.\|..?..2..kh........5..g....a.....5W2G......T..ap..Y...j...-7x....BAJ.M.9\|.7N.<AEE....c..A..oc..J..e.FJ.........=..q..2y.6...=''...~...(*.J.<h ...............!.j........<^y.%6....."....q...az~...~....z.&.....D..9q.$...kr.r...W.^h....2H.i#K..s.<...._....$u...\|......Z...`....:R5c..0..s...1...}.n.. Z..$j...o/2x.`....O.7.....+)`Z....p.U........s.>.S..KF..M..8..`...nh(..R...Z.......<.0f...i......~.....v.X#....J@...@..Rb...-.../.B....w.j.0.i.v$...z.h.<..K.q;...-.FFQ..>..9..LYI)......F.i..>.!ZWy......[./.U'M.j..+o..K._..c.......A..].;.w.EFc5..L.dV..I...P$.P.....#.C.1f?.{.........[.......`...(.`.3..W..2_......s.._...Yo`...j....'N....s..n.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 4 x 58
Category:	downloaded
Size (bytes):	336
Entropy (8bit):	5.655097435462162
Encrypted:	false
SSDEEP:
MD5:	F49608CBCFFCE79711A571458B8A3AD0
SHA1:	3F63C612B34126E9315AD44431101F834E691256
SHA-256:	1A86CB3BD758183CE508342C916AA1320293D578FB6D7F327393BD6470C6FC86
SHA-512:	2CCE85B5AF8BFCBC855D775FE1A931E76633286A1E09F88EC28D24F3546143DD2B3A5BBF05328290A025715DEABA2294CFD222108A6EE155E5E882FCE3C80D82
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/bg-mission.gif
Preview:	GIF89a..:................................................................................................................................................................................................!.....!.,......:...m@.pH,...r).8#...B.....v".J...al..+.4..(..<..#2..f.../..................... . ............................A.;

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 11 x 11, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	993
Entropy (8bit):	1.833920658229818
Encrypted:	false
SSDEEP:
MD5:	6C840882A886BD1B47DF88A1F758C15E
SHA1:	FA16F0DEE162C447528CAC3A54099089E1CDC75D
SHA-256:	927D4A032E4576A8CCA81944A5D1DC2983BB7F51BF771A4F16644970DADD084A
SHA-512:	5A14D9D4629C3100A31B9CE507995BF377D7CE60F113328C60B2E618048328F1A844D1D778A9873D7223FB9807E682282357B270B0D692FB20E01BF4A9F7517E
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/mini-readmore.png
Preview:	.PNG........IHDR..............r......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....PLTE......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................tRNS........S...:IDATx.d....1..o.../R$.S!d...Y.L...2E.+....L9qo.?........E.30t......IEND.B`.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 18
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.193340082508955
Encrypted:	false
SSDEEP:
MD5:	30FA0931C114A5549012597C25D6BB33
SHA1:	3DB0AB43846C59B82ED258698971FA82604DFF55
SHA-256:	DFCEA52BA20178B53F04AA15DD3AC627061DEF92702459E3AFDF5DC2910138A6
SHA-512:	B89B79823B144032868714282E338CEF2E284B279DE175A55861F258F509CA71645B99D0ABB63DCD9DDA82C94A6EF4DADDCB4C59584D4040DB75ADCD8CD104C5
Malicious:	false
Reputation:	low
Preview:	GIF89a.......................................................................................................!.......,............2.@a0H..I.(.p..;

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	223
Entropy (8bit):	6.419554768284562
Encrypted:	false
SSDEEP:
MD5:	94C42D595CBF5EA3F46AE088FE8E4D05
SHA1:	AE5F56C832628B7EC909973ADB600BF3B2A67D44
SHA-256:	D4247ED30734F69D609692CC4278B576470108373ACC75AE3A5E4DBA20457CF1
SHA-512:	81C8D500343BAB6842AC7DC94DA03D540D5DE28FCE17346BD746E1D390D5B5D5CDC4D6FC5D2C6589FE2956DB2633E6AD6BDDCC4450160CF2A2A9CF9ADB32D4C8
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/modules/openid/login-bg.png
Preview:	.PNG........IHDR................a....bKGD..............IDAT8.c`.%..-..........Sb....p..!y .... .3....C..k....P\|..G2..*..?...qi......h..G6.=.f,.....j...0S...D$..'...$W...4I..r>zH..6$=!A]....oZ]....g.......$a.F.....IEND.B`.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	818
Entropy (8bit):	5.3259444444491795
Encrypted:	false
SSDEEP:
MD5:	246482C8312290AB4C85324238CD3604
SHA1:	3864B13037E2B75E25AEB14A18D719A5682D5175
SHA-256:	C937B51C1FC0603EC75EA04846AF8F21965703ED9A6490B2C701E37450F4F9EA
SHA-512:	A7947F9698CAA6234B71BB6D657B5088D5A5CAEC1C8A346C8B07B17E2F02A0036D39B828107D1DAC482B1361CF21EF6AB365F0CC451D658BB8E2A3C2726A51A0
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/opensearch.xml
Preview:	<?xml version="1.0" encoding="UTF-8"?>. <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">. <ShortName>........</ShortName>. <Description>....... ........</Description>. <Tags></Tags>. <Contact></Contact>. <Url type="text/html" method="get" template="http://flibusta.is/booksearch?ask={searchTerms}"/>. <SearchForm>http://flibusta.is/booksearch</SearchForm>. <LongName>........</LongName>. <Image width="16" height="16">http://flibusta.is/sites/default/files/favicon.ico</Image>. <Developer></Developer>. <Attribution></Attribution>. <SyndicationRight>open</SyndicationRight>. <AdultContent>false</AdultContent>. <Language>*</Language>. <OutputEncoding>UTF-8</OutputEncoding>. <InputEncoding>UTF-8</InputEncoding>. </OpenSearchDescription>

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 9 x 9
Category:	dropped
Size (bytes):	175
Entropy (8bit):	5.27608754003288
Encrypted:	false
SSDEEP:
MD5:	B2AB64A6179918A01B296309FD2367EA
SHA1:	639CAD06E76FEE62F0FB08B1EC5B590C8E45C1E1
SHA-256:	913E0BFF2EBDFD8AA46E82E8282910638F68FDB9F56F447F1F6B259F3FE5E539
SHA-512:	7970BFD74F670B2C19A341800564B16E7BCD6E7E36F8748FA1B28D3BD2938C3A1BC4C7A50CDA35B213A7083347D1CAB82692CAA3B58B3D4443512277D52E234A
Malicious:	false
Reputation:	low
Preview:	GIF89a....................................................................................................!.......,.........., %.$.......@..1.K#..=A..........0.1....D...;

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 3 x 37
Category:	downloaded
Size (bytes):	187
Entropy (8bit):	6.262635635988012
Encrypted:	false
SSDEEP:
MD5:	62A2C1FEE85D71A64391299B872CD120
SHA1:	937A905033D5DD1BA42CEAAFA0CF36FE3BCBFA2B
SHA-256:	F739D2729F1FD478C855BEF64B16D83AB8524E6068651CA4325E47CCCA7AA1BC
SHA-512:	CEB9DB1A92785DBEE966EF5DE7F3DCB5C41462A4FA2340984C56AF8B3ED8E2EF09C15D787698F789308B5578FF834C0A7D3AC1DDF4ED1D60EA810F7B8394402D
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/bg-footer.gif
Preview:	GIF89a..%....s........................................................................................!.......,......%...8.$.\..P..Z.Y...c.x~.M.;@.pAd.).R.L8'P..@.X..V.%x.`.8..;

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1196 x 91
Category:	dropped
Size (bytes):	41297
Entropy (8bit):	7.95984906491549
Encrypted:	false
SSDEEP:
MD5:	10BE2612F3D4FA340DE93DB5EE798F1E
SHA1:	42FF13C108A3287B3C6948D1816C1810DF5C70E5
SHA-256:	D5382A54699A1E6984F8D16C12B2874C57D7DA68E7DC4999A2423CBE1F56A419
SHA-512:	C9F6AD1220B1147DDC7E48BE4AA5970701CC48D6FA57B6A32F63A8255CE014FC19D0971CE7DADDAAF4B278D9137A49F1DF3D223B986601128814E4FC38F0A41B
Malicious:	false
Reputation:	low
Preview:	GIF89a..[.........3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f.........3..3.33.f3..3..3..3+.3+33+f3+.3+.3+.3U.3U33Uf3U.3U.3U.3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3.3..3..3..3.33.f3..3..3..f..f.3f.ff..f..f..f+.f+3f+ff+.f+.f+.fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff.f..f..f..f.3f.ff..f..f.......3..f.........+..+3.+f.+..+.+..U..U3.Uf.U..U.U......3..f.............3..f.............3..f............3..f.............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U....3.f.........3.f...........3..f.............3..f..............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f.....................!.......,......[...............Y......H....3j..!. .....c.&GN...`K....r..5k.S.&K.p.*..e(8C.&E.GiS.J.".jG...p..........b...(.e.jJ..j.I...J...;sA.%.w Y..B..L8T`;......j.M..F....&.5U...2..?{.,.s(.Q.....g.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2015:06:27 10:03:40], baseline, precision 8, 64x62, components 3
Category:	downloaded
Size (bytes):	18861
Entropy (8bit):	6.876624410087651
Encrypted:	false
SSDEEP:
MD5:	DF6D067164CFDDFD441FCA1C63D31D38
SHA1:	835412BC3E66DDEB63FE01101D7E94936D4A543C
SHA-256:	2C2060515661C8DD445E9E91AF883870CF94B124DF84CAD2A4AB28DB8EA67446
SHA-512:	CEB766FCB8EAE2BAE4C84E28F9697B0206C6C26AC9BF9062D1C7B4F92B80613240B45CFBC5C411E2C82CBF422D75C9C06BBA114A3586C56023321A92C2B74314
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/pictures/picture-8052.jpg
Preview:	......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2015:06:27 10:03:40..........................@...........>...........................................&.(.................................~.......H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch....

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12754
Entropy (8bit):	7.978247834289455
Encrypted:	false
SSDEEP:
MD5:	B2ACF88F936B1287B7ACDC83E3EE0838
SHA1:	56A776DC03FCA305DB82CA74EF98697F3C0806CA
SHA-256:	F7844BCC00975226E4717968B1E3B6AC0BA2B6B5010FB73FA0872CAF46E03A1E
SHA-512:	2F3F632AC74547389E00CF033FE831C50F1CAEDA311FF013ABAFBEC812D28ECB05293D02662958EFCFAD9644C5175C9800963780A61E510EE9DBD109320194BB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...F...F.....q......gAMA....\|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0.R.....{.^Ea..`(..34.!...ED."HP..P$VD...T..$.(1.ET,oF.........o......Z..../...K......<....Qt.....`.).LVF._.{......!r._...zX..p..3.N....Y.\|......9.,...8%K.......,f.%f.(A..9a..>.,....<...9..S.b...L!G....3..,....F.0.+.7..T.3...Il.pX."6.1...."....H._q.W,.d..rIK..s...t......A..d.p....&+..g.].R.......Y2...EE.4...4432..P.u.oJ..Ez...g.........`.j..-....-....b.8....o....M</..A...qVV....2.....O.....g$>...]9.La.....+-%M.g.3Y.......u..A.x....E.....K.......i<:...............Pc...u@~..(.. ...]..o..0 ~y...s..7.g...%...9.%(....3........H....@...C`...-p.n.......V..H.....@....A1....jP..A3h..A'8..K....n..`.L.g`......a!2D..!.H... .d..A.P....B....By.f.....z....:....@..]h...~....L.............C.Up.......p%....;...5.6<.?.........."....G..x...G.....iE..>.&2.. oQ...EG..lQ..P......U..F.Fu.zQ7Qc.Y.G4....G......t...].nB../.o.'.1.......xb"1I.

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 85x85, components 3
Category:	downloaded
Size (bytes):	3516
Entropy (8bit):	7.858791862090642
Encrypted:	false
SSDEEP:
MD5:	19DBEC0C8F7C580EB04D71DE4C1B932F
SHA1:	E56BE1B30D1210B1C3DAAA53048A0CFECE2BCDC7
SHA-256:	137482D60811F4694A1F6E8CC25FA6BBA3AB4622D189CBB984343F0F25E66CAA
SHA-512:	1621F6F861B380B34FFB30DCCC1175F10A30C6CC3D00039B9D313BAD2CB877B99C332338C8288A49B56F2F18A2013CCDE9168516E4D261908FD5D01E62A793CE
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/pictures/picture-37400.jpg
Preview:	......JFIF.....H.H.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75....C..............................................!........."$".$.......C.......................................................................U.U..".........................................5.........................!.1.."A.Qaq..2.#BR.$b..r........................................................!..A"1Qq..#23Ba..............?....x.A#.88...DiJT.6.H.....&=..<.<..ML..O)...2N.t.Ff.R....UO.C..8.MC@i.r"...d.j.."k\|rTM(.A....4?.#]..V.4..&...mbY...y......NT.6.BJX.4s..`..+H...`..!+)....E<}.....=.........\|rT..a..r..2........<2.u...[.m.U1J#Pdi.#,.#.y.....m....:.....45g\|;...m..[>...=JI....S.......j;.r.........z~..~.z..N.....(...i]B.......9>......S.$`.....fV7KE.c.....SV.5....N....PG.SCP.?I...~.<..9..X..d....o3.O...U9...N...ia...;....0..T._...S1.L.u.....WX.F....Cu.-M..}'p..8.^.m/].AmEj.p.$uU.A.-..}N.]u..I.R..._.../>vA.?..}.....Wl..M-u..xZQPd......W....{j..[.-wJ.:.'....d.....IS.9.+mA.). s..o.

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 64 x 64
Category:	downloaded
Size (bytes):	4498
Entropy (8bit):	7.810947697624521
Encrypted:	false
SSDEEP:
MD5:	E5B8C0CFD4645EEC0EC1AF78253682C2
SHA1:	6BCF1285015B70600C4B29C88EF4CFFF3509488F
SHA-256:	C6798C82E7E67E7733858912D2A7F6A6BB46EDFBC5FB274D4B7202156BD9F489
SHA-512:	7765FA75CAAE8EE17E6BB4494AEE0C267B3D7D4FEB9C8CB78D5A3D4F327421FA1AF7BD63F2F209272F5F245E665A33E01771626C0F16243B76240B7529CCF9C5
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/pictures/picture-124185.gif
Preview:	GIF87a@.@....pf>{d5xd?\|g<.dH.e8yk>tn?vmE.j4.kG.mB.kB.n=.q>.m>.oI.i@.mE.oF.n@.tC.sI.pD.rJ.sE.wA.wG.yN.wI.uI.wO.tJ.~[.uQ.~].{M.{S.zM.~I..T..E..f..[..a..\..b.{Q.{W..b..W..R.{S..P..g..V..\..m..h..]..c..X..^..T..d..S..N..e..`..l..l..a..r..a..^..e..v..q..q..[..l..a..r..W..g..y..k..i..i..u..{..u..p.p..~..m..y....n..y..d..^..j..u.p.x..w.w..}..}.x.....z.t....q..~.~.x..........z.................z..................................................................................................................................................................................................................................................................................................................,....@.@.@...7<....@...0.@0A..."..X.B...2.XP....0H.9a....R.Lh.......$...9q..)4.L.'?~D.B....T.$.B.).*D...qDI..=N..AbF...P..@......(d.a..O..}be.n(R.Te..(.%J.@.j....P.@Ub...+Q.b.B...N=q...r...,K..9....2V.X.aT.].)..l..m

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 73x85, components 3
Category:	downloaded
Size (bytes):	2538
Entropy (8bit):	7.805096315335
Encrypted:	false
SSDEEP:
MD5:	09BF8182E3D546766F62C742D6135499
SHA1:	B681CCC1D8B1D7F5015209D0ED6601EAE589FC3C
SHA-256:	02DD6E9DC79731AF48E4A10BED532A76B590FA971B65FB1D180D8F9BA1082790
SHA-512:	3AFC7D7A0CB31D03FD37C07B799E3B6D0DA7FFD4826E297E1413F409B0777AA07C98FF7C23F73EEDC65FBF7463181E38E576BC55953811BDE1B8D921E5B8C3E5
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/pictures/picture-7176.jpg
Preview:	......JFIF.....`.`.....C..............................................!........."$".$.......C.......................................................................U.I.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...Q..]9.I.p:b....H...9...2..4..D2O...'...i.-.Ec... ..J..+..ad.f..J....i...E...eV....(..4...X^..W.T..\|?r.2.-...+.....Z\.]...w...!.M....1......\.....g.<@.:...YS....y..F..<m.....%...... .......QM..C...T...._?.>...x..VK._-.`1...G.}.:s^..".o.T.p.2....n.]......R.].~..i&.u..c..I/......+....PBO.w..T..Hb..`..\|..,.Kb.....I.o.....C...@c.I.?.[...m.d....[..+.....9'.

Static File Info

⊘No static file info

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://flibusta.is

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 104

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 75

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 89

Chrome Cache Entry: 91

Chrome Cache Entry: 93

Chrome Cache Entry: 96

Static File Info

Windows Analysis Report
https://flibusta.is