Edit tour

Windows Analysis Report
https://flibusta.is

Overview

General Information

Sample URL:	https://flibusta.is
Analysis ID:	1328312

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

HTML title does not match URL

Creates files inside the system directory

Submit button contains javascript call

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://flibusta.is/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1944,i,399393867099334853,7189149454409624440,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://flibusta.is/

HTTP Parser: Title: | does not match URL

Source: https://flibusta.is/	HTTP Parser: On click: onKnapsackList()
Source: https://flibusta.is/	HTTP Parser: On click: onKnapsackClear()

Source: https://flibusta.is/

HTTP Parser: <input type="password" .../> found

Source: https://flibusta.is/

HTTP Parser: No <meta name="author".. found

Source: https://flibusta.is/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49778 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: flibusta.is

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.216
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49778 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5172_405394465

Source: classification engine

Classification label: clean2.win@15/53@12/108

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://flibusta.is/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1944,i,399393867099334853,7189149454409624440,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1944,i,399393867099334853,7189149454409624440,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scripting	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Scripting	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://flibusta.is	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.251.2.84	true	false	high
www.google.com	142.251.2.147	true	false	high
flibusta.is	179.43.150.83	true	false	high
clients.l.google.com	142.251.2.101	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://flibusta.is/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.2.147	www.google.com	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.2.139	unknown	United States	15169	GOOGLEUS	false
142.251.2.84	accounts.google.com	United States	15169	GOOGLEUS	false
142.251.2.95	unknown	United States	15169	GOOGLEUS	false
179.43.150.83	flibusta.is	Panama	51852	PLI-ASCH	false
142.251.2.94	unknown	United States	15169	GOOGLEUS	false
142.251.2.101	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1328312
Start date and time:	2023-10-18 21:06:15 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://flibusta.is
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@15/53@12/108

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.251.2.94, 34.104.35.123, 142.251.2.95
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, content-autofill.googleapis.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://flibusta.is

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 18:06:45 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9857427153522305
Encrypted:	false
SSDEEP:
MD5:	04ED1E84FFB0A5D1DE69BCDE1E4C4B68
SHA1:	54295D3E62640942D58A223D3414C46913A27C77
SHA-256:	7F0515814AC51322B45C1B44FD32569FB4C0FD035E3227D062626A37ADB8CB32
SHA-512:	E8FDB5ED7AD121FCF1A9431BF5356A97F7E30ED5F9790AC30D2365EBACD99DE6118E9713CA448205558B1608A4BE0846A593BAFBE8391CE74C5C3FDF4ECA6010
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....9f.<....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRW.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRW.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRW............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRW............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............)b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 18:06:45 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.003687866135469
Encrypted:	false
SSDEEP:
MD5:	E0E1698621694A0C1D91C27C7193D68D
SHA1:	9FBBABC6EC7FAE41A8EFD2389D29165C3CDDCFDB
SHA-256:	3E91291E4E210D27085CABE54B4F2F1460EB5F391B4CAB9BC9E2316115801A1A
SHA-512:	EDB05DFEAEF34E628A1AB8A4468BB340D2F868EECB052361279D545998A189C020754695FBF3904526B38C612CF734E872C9043CBA5B12A05486854AAB02B751
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....;..<....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRW.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRW.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRW............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRW............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............)b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.008521739763082
Encrypted:	false
SSDEEP:
MD5:	64FAF209A175301C90D7FD4F3B368623
SHA1:	31D5DEC35EC9D56130F2E0D69D71DEE9A9C3DF84
SHA-256:	B24D90E08ED91F2621869E5CBCF473000275E4075287648AB31E7CF135E7F2D0
SHA-512:	A3C4AA96600BA70161C02428D4567D51CD42467E27C2F1BEAFA4F2C2173D731ACB93EA0CC70DFC75C6F0A21BB523CBB11FD62D99AA21D4279B0CA9B33448484E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRW.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRW.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRW............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............)b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 18:06:45 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001466170772136
Encrypted:	false
SSDEEP:
MD5:	47CC3EE0E0295EF0FE005E77016B0D4A
SHA1:	894BA07B3BFC02DEEB0C5C604D423146F9597338
SHA-256:	9F8A661689364E5BF441C34E013AB84ACD0EA26B9EEAA2458EB19D7AFC17F152
SHA-512:	5E6CD79E022A58F3E7776B2F672C4DB6BDCAD267106983A831E42D066BEC6885FE575858814095E653A2BC7C1F9E4023EC8D03D8588A981727D4BD99461B9EA0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......<....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRW.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRW.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRW............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRW............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............)b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 18:06:45 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9893699594906535
Encrypted:	false
SSDEEP:
MD5:	FF2BFFDCCDAC295B5D129CD669117675
SHA1:	C063EAFD54FC082E7D79DBBAE8348B5336006267
SHA-256:	468D28D4F08B2255841238F4577635A625EC843103536A691C1101EF6793455A
SHA-512:	FB785C35E003092CE41FB6455D667859AE099CB7C71EE7A523896EFAB55743FF19AD814C78F8B2FEF724B32A5C75CED6FC8898201909F598E63D77292E3DBFAE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......<....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRW.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRW.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRW............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRW............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............)b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 18 18:06:45 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.999451469295449
Encrypted:	false
SSDEEP:
MD5:	B8B2CF39D38FCAC7616A299AFE64E8B8
SHA1:	713A4D83CFDC5A49E05509F52F25256283589770
SHA-256:	5AC2F6EDD32C268C5B3B558D9BFED8A136F8AD78074A4BA03891BDBB9F6590AD
SHA-512:	877E493F2A009A2D87D554A0ED0464524063332CA3AAE206A5C7B1CAE22A84E1EFD32D82FE3402779D1ED38E7D33DF4845235E3F34EA19FCF7CC36E4E0627D7B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......<....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IRW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VRW.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VRW.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VRW............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VRW............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............)b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (949), with CRLF, CR, LF line terminators
Category:	downloaded
Size (bytes):	49238
Entropy (8bit):	5.482201923242856
Encrypted:	false
SSDEEP:
MD5:	C0589E3556F87DB794D70CB6056A4654
SHA1:	EFEC3B79A1B1F4C589FD93FDFFECCE2AA841C6FA
SHA-256:	1A2B6F3991AA26856B7A9F3BCE904E72F8E74C1FDF4963DCC31024B504D15863
SHA-512:	3FBFE3EF978855CAD9A9A8BC44EB29F72055660E115F6AE1AAAB5830589B0D421EE76C0E23FAEEEA08B360C077F5059697B706A73EC7BE16FAEBB2D86758C969
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" lang="ru" xml:lang="ru">..<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>........ \| ....... ........</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<link href="/opds" type="application/atom+xml;profile=opds-catalog" rel="related" />.<link rel="alternate" type="application/rss+xml" title="........ RSS" href="http://flibusta.is/rss.xml" />.<link rel="shortcut icon" href="/sites/default/files/bluebreeze_favicon.ico" type="image/x-icon" />.<link rel="apple-touch-icon" href="/sites/default/files/bluebreeze_favicon.ico"/>.<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="..... .... .. ........" />. <link type="text/css" rel="stylesheet" media="all" href="/sites/default/files/cs

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12297)
Category:	downloaded
Size (bytes):	25949
Entropy (8bit):	5.1012000004408335
Encrypted:	false
SSDEEP:
MD5:	B67AF275AE904669EF9E6EA8468EECE2
SHA1:	C38330C1CC4FC93FB2D3ABEF964DB2845205C93E
SHA-256:	361840FBEE3B0726B5F0F5BBFE37E13BDAB8C3C873D643A45B56C5E37C8D2A86
SHA-512:	D96129006CE245B7356042CD1184C3A428B00824052FBB7B4298D5B9892F705C6E8721C47DA3CA2DC011A9B20099092C247A5CE8988253E18E53841A619BC928
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/css/css_541b6da58ae4dff17f932324504056f9.css
Preview:	.ctools-locked{color:red;border:1px solid red;padding:1em;}.ctools-owns-lock{background:#FFFFDD none repeat scroll 0 0;border:1px solid #F0C020;padding:1em;}a.ctools-ajaxing,input.ctools-ajaxing,button.ctools-ajaxing,select.ctools-ajaxing{padding-right:18px !important;background:url(/modules/ctools/images/status-active.gif) right center no-repeat;}div.ctools-ajaxing{float:left;width:18px;background:url(/modules/ctools/images/status-active.gif) center center no-repeat;}.input.button{border:solid #d1dbec;background-color:#fbfcfe;}.genre{color:#6C7A8D;}p.genre{margin-bottom:0pt;}a.genre{margin-bottom:0pt;margin-top:0pt;font-size:90%;}.h8{color:#00008B;margin-top:4pt;font-size:90%;}.size{color:#bbbbbb;}#sidebar-right{word-wrap:break-word;overflow:hidden;}.sidebar .collapser{float:left;position:relative;cursor:pointer;color:#A7A7A7;display:inline;font:normal normal normal 9px/10px 'Courier New','Lucida Console','BatangChe',monospace;margin:10px -8px 8px 4px;}.sidebar .collapser .selected{co

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
Category:	downloaded
Size (bytes):	7406
Entropy (8bit):	5.676304812582012
Encrypted:	false
SSDEEP:
MD5:	E53FF87AC4FE1B1B7B1185CEB748E605
SHA1:	E4F56E2213B9F4C3CFEDD6307ADE955DD4C400AD
SHA-256:	2ACABE7AF8813C05542CE5CE3C0C61249E63C7D890A88890E1D6A4F6DC2783E2
SHA-512:	E6B00D811E265242CF770E31691C4A2F1A3E72298041A2BFA19EBC2BA314D7FB6684EDA427053BDC2B033B753773335D532C31725E2FB2447E5C6C63A12BCC09
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/bluebreeze_favicon.ico
Preview:	......00..........6... ......................h.......(...0...`..............................................................................................""".))).UUU.MMM.BBB.999..\|..PP........................3...f..........3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f..............f.........3...3.3.3.f.3...3...3...33..333.33f.33..33..33..3f..3f3.3ff.3f..3f..3f..3...3.3.3.f.3...3...3...3...3.3.3.f.3..3...3...3.3.3.f.3...3...3...f...f.3.f.f.f...f...f...f3..f33.f3f.f3..f3..f3..ff..ff3.fff.ff..ff..f...f.3.f.f.f...f...f...f...f.3.f..f...f...f...f.3.f...f................3...............33...f..3.......f...f3..3f..f...f...3....3...f...................3.f.f..................3...f...................3...f..........3...33..3f..3...3...3...f...f3..ff..f...f...f......3..f................3...f..................3...f...............3...f......3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f..............3...f.......

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 106 x 102, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13172
Entropy (8bit):	7.971202819194302
Encrypted:	false
SSDEEP:
MD5:	E779897B41DF9C713A2D36858E0C8D37
SHA1:	4DE0763596E25801B927951527560B7ED7DF7448
SHA-256:	6EBB99F44B593382DE6CFBF5A66E1E4EB5F56C4061DCBB889C4E741BDA853CB3
SHA-512:	518F18514DFE26D6E8E637A14A7AC432F1BA08EF9B2F2E4D97E7F165A84432B78274F4AF01F411810ADDC004EECC384C8645F27FF6B3FAD9709010ACBFC448B1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...j...f.....#.......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	downloaded
Size (bytes):	183
Entropy (8bit):	5.411126887133346
Encrypted:	false
SSDEEP:
MD5:	25894D2FAC9193BA2FE70F477ABE8C8C
SHA1:	F03B5D96A042F3CCC1D7A71E254E6F7EEC2EA2FE
SHA-256:	AA76185F417CF85D7029B35E3A6544D4495402E17F76A32633B5BA80A81FAA26
SHA-512:	0FAE41D431111D84F26134A4152885BD7CC6C471731A183FCAD0A7D8E66466BB8CF43EE95BEFF35542F2B76859C4C86A7DB1E50542FBBC88F485BF4E7D0FDCE4
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/menu-expanded.gif
Preview:	GIF89a......................................................................................................!.......,..........4 %.di...J.@-O1.S.,..S2...d.i.F...A .....Pb(....p ...;

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32132)
Category:	downloaded
Size (bytes):	130013
Entropy (8bit):	5.4582341653809525
Encrypted:	false
SSDEEP:
MD5:	D7E26AE24FF4473FB85A30FE803647ED
SHA1:	AA02BBDDCA0CF04EB43863EC57C1CC5CDFEA62BA
SHA-256:	FCA8FF51021749135F2CC6BA7A37015BAA645DE15908D1D318A1E376A3D376DE
SHA-512:	4DFD44CD3990E59094A0D749CE552ABA5453C2ECAFC53590C72631798B2DDC78FB97D722F00364A5B6437719690A48EA5E2B17D2AC44E71336F7A900A755DD8F
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/js/js_65bd89c41ff1e065c43cc27e23c28553.js
Preview:	/! jQuery v1.9.0 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license /(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n\|\|"function"!==n&&(0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)\|\|[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i\|\|c[f].data)\|\|!u\|\|r!==t)return f\|\|(l?e[s]=f=K.pop()\|\|st.guid++:f=s),c[f]\|\|(c[f]={},l\|\|(c[f].toJSON=st.noop)),("object"==typeof n\|\|"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i\|\|(o.data\|\|(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9786
Entropy (8bit):	7.975290462968955
Encrypted:	false
SSDEEP:
MD5:	4C4B624CFB5859215773EABFF0FF5A4E
SHA1:	198A4AC76FAC91BA60108BB0D74F785B34AEAA78
SHA-256:	21DF33FEC94D7AEB3A5EEA73AF3F7400D4490AC3600E815B3FD4F7E140293C48
SHA-512:	253753221A601DF50707648DE1CC86A4330F1DDD46199E4DD70C5891BD42460986DC832DA0BAD06505C4DAAF112B719ED747407C26700AF133CF7D406BE43547
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/sites/default/files/pictures/picture-2215.png
Preview:	.PNG........IHDR...<...U.............pHYs..........+.... .IDATx..wtUU.....W.{....;....."EQ.....u,..m.cgDA...3J......;.!.........r.=.././//........}.....{.}..>.@...u[ .l1...u....u0......P...B4.j........mM.t......@.W.....r.\..."..1..u.q.s]._.wM..^..`.\......~0M8.N4......_.....h....._...........cde.FUU.^..+.5.@i..........7.\|..?..2..kh........5..g....a.....5W2G......T..ap..Y...j...-7x....BAJ.M.9\|.7N.<AEE....c..A..oc..J..e.FJ.........=..q..2y.6...=''...~...(*.J.<h ...............!.j........<^y.%6....."....q...az~...~....z.&.....D..9q.$...kr.r...W.^h....2H.i#K..s.<...._....$u...\|......Z...`....:R5c..0..s...1...}.n.. Z..$j...o/2x.`....O.7.....+)`Z....p.U........s.>.S..KF..M..8..`...nh(..R...Z.......<.0f...i......~.....v.X#....J@...@..Rb...-.../.B....w.j.0.i.v$...z.h.<..K.q;...-.FFQ..>..9..LYI)......F.i..>.!ZWy......[./.U'M.j..+o..K._..c.......A..].;.w.EFc5..L.dV..I...P$.P.....#.C.1f?.{.........[.......`...(.`.3..W..2_......s.._...Yo`...j....'N....s..n.

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	217
Entropy (8bit):	5.998781978777057
Encrypted:	false
SSDEEP:
MD5:	8D9BF08FD425987D3F57E2398268D592
SHA1:	E6A9EDCDE4841614FDC478A66F15FB5B8DE52DDD
SHA-256:	D9C38AE14826741460E5075D62C883671E6D3CE12FDFAF8C0398B9CDE962DDBD
SHA-512:	5D74A6946636691B1C4EFE59EA3443CE115E1ACD5CC9762B4273ED1E8B6E3377C82784A7EF4273581C068C8DAADB8FDAFD2EBA8DC07ED4F07F26A1ACC2071AE8
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/mini-comment.png
Preview:	.PNG........IHDR.............a.......gAMA.....OX2....tEXtSoftware.Adobe ImageReadyq.e<....PLTE...eee.........).......tRNS........S...?IDATx.\.A..0....o^...:...H..J.@\j..y.4Y.d,.o..^...;EF..-.<...Nc..........IEND.B`.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 73x85, components 3
Category:	dropped
Size (bytes):	2538
Entropy (8bit):	7.805096315335
Encrypted:	false
SSDEEP:
MD5:	09BF8182E3D546766F62C742D6135499
SHA1:	B681CCC1D8B1D7F5015209D0ED6601EAE589FC3C
SHA-256:	02DD6E9DC79731AF48E4A10BED532A76B590FA971B65FB1D180D8F9BA1082790
SHA-512:	3AFC7D7A0CB31D03FD37C07B799E3B6D0DA7FFD4826E297E1413F409B0777AA07C98FF7C23F73EEDC65FBF7463181E38E576BC55953811BDE1B8D921E5B8C3E5
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....C..............................................!........."$".$.......C.......................................................................U.I.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...Q..]9.I.p:b....H...9...2..4..D2O...'...i.-.Ec... ..J..+..ad.f..J....i...E...eV....(..4...X^..W.T..\|?r.2.-...+.....Z\.]...w...!.M....1......\.....g.<@.:...YS....y..F..<m.....%...... .......QM..C...T...._?.>...x..VK._-.`1...G.}.:s^..".o.T.p.2....n.]......R.].~..i&.u..c..I/......+....PBO.w..T..Hb..`..\|..,.Kb.....I.o.....C...@c.I.?.[...m.d....[..+.....9'.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 4 x 58
Category:	downloaded
Size (bytes):	336
Entropy (8bit):	5.655097435462162
Encrypted:	false
SSDEEP:
MD5:	F49608CBCFFCE79711A571458B8A3AD0
SHA1:	3F63C612B34126E9315AD44431101F834E691256
SHA-256:	1A86CB3BD758183CE508342C916AA1320293D578FB6D7F327393BD6470C6FC86
SHA-512:	2CCE85B5AF8BFCBC855D775FE1A931E76633286A1E09F88EC28D24F3546143DD2B3A5BBF05328290A025715DEABA2294CFD222108A6EE155E5E882FCE3C80D82
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/bg-mission.gif
Preview:	GIF89a..:................................................................................................................................................................................................!.....!.,......:...m@.pH,...r).8#...B.....v".J...al..+.4..(..<..#2..f.../..................... . ............................A.;

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 64 x 64
Category:	dropped
Size (bytes):	4498
Entropy (8bit):	7.810947697624521
Encrypted:	false
SSDEEP:
MD5:	E5B8C0CFD4645EEC0EC1AF78253682C2
SHA1:	6BCF1285015B70600C4B29C88EF4CFFF3509488F
SHA-256:	C6798C82E7E67E7733858912D2A7F6A6BB46EDFBC5FB274D4B7202156BD9F489
SHA-512:	7765FA75CAAE8EE17E6BB4494AEE0C267B3D7D4FEB9C8CB78D5A3D4F327421FA1AF7BD63F2F209272F5F245E665A33E01771626C0F16243B76240B7529CCF9C5
Malicious:	false
Reputation:	low
Preview:	GIF87a@.@....pf>{d5xd?\|g<.dH.e8yk>tn?vmE.j4.kG.mB.kB.n=.q>.m>.oI.i@.mE.oF.n@.tC.sI.pD.rJ.sE.wA.wG.yN.wI.uI.wO.tJ.~[.uQ.~].{M.{S.zM.~I..T..E..f..[..a..\..b.{Q.{W..b..W..R.{S..P..g..V..\..m..h..]..c..X..^..T..d..S..N..e..`..l..l..a..r..a..^..e..v..q..q..[..l..a..r..W..g..y..k..i..i..u..{..u..p.p..~..m..y....n..y..d..^..j..u.p.x..w.w..}..}.x.....z.t....q..~.~.x..........z.................z..................................................................................................................................................................................................................................................................................................................,....@.@.@...7<....@...0.@0A..."..X.B...2.XP....0H.9a....R.Lh.......$...9q..)4.L.'?~D.B....T.$.B.).*D...qDI..=N..AbF...P..@......(d.a..O..}be.n(R.Te..(.%J.@.j....P.@Ub...+Q.b.B...N=q...r...,K..9....2V.X.aT.].)..l..m

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	223
Entropy (8bit):	6.419554768284562
Encrypted:	false
SSDEEP:
MD5:	94C42D595CBF5EA3F46AE088FE8E4D05
SHA1:	AE5F56C832628B7EC909973ADB600BF3B2A67D44
SHA-256:	D4247ED30734F69D609692CC4278B576470108373ACC75AE3A5E4DBA20457CF1
SHA-512:	81C8D500343BAB6842AC7DC94DA03D540D5DE28FCE17346BD746E1D390D5B5D5CDC4D6FC5D2C6589FE2956DB2633E6AD6BDDCC4450160CF2A2A9CF9ADB32D4C8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....bKGD..............IDAT8.c`.%..-..........Sb....p..!y .... .3....C..k....P\|..G2..*..?...qi......h..G6.=.f,.....j...0S...D$..'...$W...4I..r>zH..6$=!A]....oZ]....g.......$a.F.....IEND.B`.

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 18
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.193340082508955
Encrypted:	false
SSDEEP:
MD5:	30FA0931C114A5549012597C25D6BB33
SHA1:	3DB0AB43846C59B82ED258698971FA82604DFF55
SHA-256:	DFCEA52BA20178B53F04AA15DD3AC627061DEF92702459E3AFDF5DC2910138A6
SHA-512:	B89B79823B144032868714282E338CEF2E284B279DE175A55861F258F509CA71645B99D0ABB63DCD9DDA82C94A6EF4DADDCB4C59584D4040DB75ADCD8CD104C5
Malicious:	false
Reputation:	low
Preview:	GIF89a.......................................................................................................!.......,............2.@a0H..I.(.p..;

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	818
Entropy (8bit):	5.3259444444491795
Encrypted:	false
SSDEEP:
MD5:	246482C8312290AB4C85324238CD3604
SHA1:	3864B13037E2B75E25AEB14A18D719A5682D5175
SHA-256:	C937B51C1FC0603EC75EA04846AF8F21965703ED9A6490B2C701E37450F4F9EA
SHA-512:	A7947F9698CAA6234B71BB6D657B5088D5A5CAEC1C8A346C8B07B17E2F02A0036D39B828107D1DAC482B1361CF21EF6AB365F0CC451D658BB8E2A3C2726A51A0
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/opensearch.xml
Preview:	<?xml version="1.0" encoding="UTF-8"?>. <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">. <ShortName>........</ShortName>. <Description>....... ........</Description>. <Tags></Tags>. <Contact></Contact>. <Url type="text/html" method="get" template="http://flibusta.is/booksearch?ask={searchTerms}"/>. <SearchForm>http://flibusta.is/booksearch</SearchForm>. <LongName>........</LongName>. <Image width="16" height="16">http://flibusta.is/sites/default/files/favicon.ico</Image>. <Developer></Developer>. <Attribution></Attribution>. <SyndicationRight>open</SyndicationRight>. <AdultContent>false</AdultContent>. <Language>*</Language>. <OutputEncoding>UTF-8</OutputEncoding>. <InputEncoding>UTF-8</InputEncoding>. </OpenSearchDescription>

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 9 x 9
Category:	dropped
Size (bytes):	175
Entropy (8bit):	5.27608754003288
Encrypted:	false
SSDEEP:
MD5:	B2AB64A6179918A01B296309FD2367EA
SHA1:	639CAD06E76FEE62F0FB08B1EC5B590C8E45C1E1
SHA-256:	913E0BFF2EBDFD8AA46E82E8282910638F68FDB9F56F447F1F6B259F3FE5E539
SHA-512:	7970BFD74F670B2C19A341800564B16E7BCD6E7E36F8748FA1B28D3BD2938C3A1BC4C7A50CDA35B213A7083347D1CAB82692CAA3B58B3D4443512277D52E234A
Malicious:	false
Reputation:	low
Preview:	GIF89a....................................................................................................!.......,.........., %.$.......@..1.K#..=A..........0.1....D...;

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 3 x 37
Category:	downloaded
Size (bytes):	187
Entropy (8bit):	6.262635635988012
Encrypted:	false
SSDEEP:
MD5:	62A2C1FEE85D71A64391299B872CD120
SHA1:	937A905033D5DD1BA42CEAAFA0CF36FE3BCBFA2B
SHA-256:	F739D2729F1FD478C855BEF64B16D83AB8524E6068651CA4325E47CCCA7AA1BC
SHA-512:	CEB9DB1A92785DBEE966EF5DE7F3DCB5C41462A4FA2340984C56AF8B3ED8E2EF09C15D787698F789308B5578FF834C0A7D3AC1DDF4ED1D60EA810F7B8394402D
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/bg-footer.gif
Preview:	GIF89a..%....s........................................................................................!.......,......%...8.$.\..P..Z.Y...c.x~.M.;@.pAd.).R.L8'P..@.X..V.%x.`.8..;

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1196 x 91
Category:	dropped
Size (bytes):	41297
Entropy (8bit):	7.95984906491549
Encrypted:	false
SSDEEP:
MD5:	10BE2612F3D4FA340DE93DB5EE798F1E
SHA1:	42FF13C108A3287B3C6948D1816C1810DF5C70E5
SHA-256:	D5382A54699A1E6984F8D16C12B2874C57D7DA68E7DC4999A2423CBE1F56A419
SHA-512:	C9F6AD1220B1147DDC7E48BE4AA5970701CC48D6FA57B6A32F63A8255CE014FC19D0971CE7DADDAAF4B278D9137A49F1DF3D223B986601128814E4FC38F0A41B
Malicious:	false
Reputation:	low
Preview:	GIF89a..[.........3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f.........3..3.33.f3..3..3..3+.3+33+f3+.3+.3+.3U.3U33Uf3U.3U.3U.3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3.3..3..3..3.33.f3..3..3..f..f.3f.ff..f..f..f+.f+3f+ff+.f+.f+.fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff.f..f..f..f.3f.ff..f..f.......3..f.........+..+3.+f.+..+.+..U..U3.Uf.U..U.U......3..f.............3..f.............3..f............3..f.............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U....3.f.........3.f...........3..f.............3..f..............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f.....................!.......,......[...............Y......H....3j..!. .....c.&GN...`K....r..5k.S.&K.p.*..e(8C.&E.GiS.J.".jG...p..........b...(.e.jJ..j.I...J...;sA.%.w Y..B..L8T`;......j.M..F....&.5U...2..?{.,.s(.Q.....g.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12754
Entropy (8bit):	7.978247834289455
Encrypted:	false
SSDEEP:
MD5:	B2ACF88F936B1287B7ACDC83E3EE0838
SHA1:	56A776DC03FCA305DB82CA74EF98697F3C0806CA
SHA-256:	F7844BCC00975226E4717968B1E3B6AC0BA2B6B5010FB73FA0872CAF46E03A1E
SHA-512:	2F3F632AC74547389E00CF033FE831C50F1CAEDA311FF013ABAFBEC812D28ECB05293D02662958EFCFAD9644C5175C9800963780A61E510EE9DBD109320194BB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...F...F.....q......gAMA....\|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0.R.....{.^Ea..`(..34.!...ED."HP..P$VD...T..$.(1.ET,oF.........o......Z..../...K......<....Qt.....`.).LVF._.{......!r._...zX..p..3.N....Y.\|......9.,...8%K.......,f.%f.(A..9a..>.,....<...9..S.b...L!G....3..,....F.0.+.7..T.3...Il.pX."6.1...."....H._q.W,.d..rIK..s...t......A..d.p....&+..g.].R.......Y2...EE.4...4432..P.u.oJ..Ez...g.........`.j..-....-....b.8....o....M</..A...qVV....2.....O.....g$>...]9.La.....+-%M.g.3Y.......u..A.x....E.....K.......i<:...............Pc...u@~..(.. ...]..o..0 ~y...s..7.g...%...9.%(....3........H....@...C`...-p.n.......V..H.....@....A1....jP..A3h..A'8..K....n..`.L.g`......a!2D..!.H... .d..A.P....B....By.f.....z....:....@..]h...~....L.............C.Up.......p%....;...5.6<.?.........."....G..x...G.....iE..>.&2.. oQ...EG..lQ..P......U..F.Fu.zQ7Qc.Y.G4....G......t...].nB../.o.'.1.......xb"1I.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 85x85, components 3
Category:	dropped
Size (bytes):	3516
Entropy (8bit):	7.858791862090642
Encrypted:	false
SSDEEP:
MD5:	19DBEC0C8F7C580EB04D71DE4C1B932F
SHA1:	E56BE1B30D1210B1C3DAAA53048A0CFECE2BCDC7
SHA-256:	137482D60811F4694A1F6E8CC25FA6BBA3AB4622D189CBB984343F0F25E66CAA
SHA-512:	1621F6F861B380B34FFB30DCCC1175F10A30C6CC3D00039B9D313BAD2CB877B99C332338C8288A49B56F2F18A2013CCDE9168516E4D261908FD5D01E62A793CE
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75....C..............................................!........."$".$.......C.......................................................................U.U..".........................................5.........................!.1.."A.Qaq..2.#BR.$b..r........................................................!..A"1Qq..#23Ba..............?....x.A#.88...DiJT.6.H.....&=..<.<..ML..O)...2N.t.Ff.R....UO.C..8.MC@i.r"...d.j.."k\|rTM(.A....4?.#]..V.4..&...mbY...y......NT.6.BJX.4s..`..+H...`..!+)....E<}.....=.........\|rT..a..r..2........<2.u...[.m.U1J#Pdi.#,.#.y.....m....:.....45g\|;...m..[>...=JI....S.......j;.r.........z~..~.z..N.....(...i]B.......9>......S.$`.....fV7KE.c.....SV.5....N....PG.SCP.?I...~.<..9..X..d....o3.O...U9...N...ia...;....0..T._...S1.L.u.....WX.F....Cu.-M..}'p..8.^.m/].AmEj.p.$uU.A.-..}N.]u..I.R..._.../>vA.?..}.....Wl..M-u..xZQPd......W....{j..[.-wJ.:.'....d.....IS.9.+mA.). s..o.

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2015:06:27 10:03:40], baseline, precision 8, 64x62, components 3
Category:	dropped
Size (bytes):	18861
Entropy (8bit):	6.876624410087651
Encrypted:	false
SSDEEP:
MD5:	DF6D067164CFDDFD441FCA1C63D31D38
SHA1:	835412BC3E66DDEB63FE01101D7E94936D4A543C
SHA-256:	2C2060515661C8DD445E9E91AF883870CF94B124DF84CAD2A4AB28DB8EA67446
SHA-512:	CEB766FCB8EAE2BAE4C84E28F9697B0206C6C26AC9BF9062D1C7B4F92B80613240B45CFBC5C411E2C82CBF422D75C9C06BBA114A3586C56023321A92C2B74314
Malicious:	false
Reputation:	low
Preview:	......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2015:06:27 10:03:40..........................@...........>...........................................&.(.................................~.......H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch....

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 11 x 11, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	993
Entropy (8bit):	1.833920658229818
Encrypted:	false
SSDEEP:
MD5:	6C840882A886BD1B47DF88A1F758C15E
SHA1:	FA16F0DEE162C447528CAC3A54099089E1CDC75D
SHA-256:	927D4A032E4576A8CCA81944A5D1DC2983BB7F51BF771A4F16644970DADD084A
SHA-512:	5A14D9D4629C3100A31B9CE507995BF377D7CE60F113328C60B2E618048328F1A844D1D778A9873D7223FB9807E682282357B270B0D692FB20E01BF4A9F7517E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............r......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....PLTE......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................tRNS........S...:IDATx.d....1..o.../R$.S!d...Y.L...2E.+....L9qo.?........E.30t......IEND.B`.

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	68
Entropy (8bit):	4.829391149755713
Encrypted:	false
SSDEEP:
MD5:	735809F4AB01EE8D8103D9B6F170979C
SHA1:	6C6F3E097935C13456026C2ED8E861D64EC706E0
SHA-256:	11507BCE47E68F88EB1C7FB2C94A62C0053A3F0FBAACDD51512C2BD2CC5F7EEB
SHA-512:	0835A0BF50754912FC9B23F380A12361A9D8ED6A00F281D6818EC682931B9DB971B845F9A18507074E7F6A367729F4664F7228C64CFA76B74A063A2EAE87D41D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAklvIggwJArghIFDRgBEG0SHgmy-KqrTqPk0RIFDaVS4OQSBQ2UVPrPEgUNxZPEJA==?alt=proto
Preview:	CgkKBw0YARBtGgAKJQoHDaVS4OQaAAoNDZRU+s8aBAhWGAIgAQoLDcWTxCQaBAhLGAI=

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	downloaded
Size (bytes):	176
Entropy (8bit):	5.4382213206481
Encrypted:	false
SSDEEP:
MD5:	425D448FD84B9F7B0ADC3230CFAB9C98
SHA1:	4B836BEC12A855356BAFAB7F5F9548D8A981C2E0
SHA-256:	B4E545D7AF5622814EF6DA2F4ACA4F1CE46077BB9C1641761C2398EAF661D8C9
SHA-512:	7AA3135171A1A324455D3B90994150B5D964DCA94213260A87F26FED35F0FECC03D4A1C2A946B449F26556E48D7C377D60B50B1786410D2C36E6B3D7A9836C97
Malicious:	false
Reputation:	low
URL:	https://flibusta.is/themes/bluebreeze/images/menu-collapsed.gif
Preview:	GIF89a....................................................................................................!.......,..........-.%NbY..B..U1.1.n%..R.U.!......{.DcW..f.....UC.;

Static File Info

⊘No static file info

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://flibusta.is

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 77

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 93

Chrome Cache Entry: 96

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://flibusta.is