Edit tour

Windows Analysis Report
https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366

Overview

General Information

Sample URL:	https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366
Analysis ID:	1336783

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

HTML body contains low number of good links

Creates files inside the system directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1828,i,4052714605704241835,708627415475027352,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx

HTTP Parser: Number of links: 0

Source: https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx

HTTP Parser: <input type="password" .../> found

Source: https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx	HTTP Parser: No <meta name="author".. found
Source: https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx	HTTP Parser: No <meta name="author".. found

Source: https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx	HTTP Parser: No <meta name="copyright".. found
Source: https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49774 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 19MB later: 27MB

Source: unknown

DNS traffic detected: queries for: trinitycentermri.ramsoftpacs.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49774 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_2596_1944836786

Source: classification engine

Classification label: clean1.win@14/19@12/114

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1828,i,4052714605704241835,708627415475027352,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1828,i,4052714605704241835,708627415475027352,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.115.84	true	false	high
www.google.com	172.253.122.105	true	false	high
clients.l.google.com	172.253.115.139	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
trinitycentermri.ramsoftpacs.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.167.94	unknown	United States	15169	GOOGLEUS	false
172.253.115.139	clients.l.google.com	United States	15169	GOOGLEUS	false
52.247.199.7	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.253.122.105	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.63.95	unknown	United States	15169	GOOGLEUS	false
172.253.63.138	unknown	United States	15169	GOOGLEUS	false
142.251.163.94	unknown	United States	15169	GOOGLEUS	false
172.253.115.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1336783
Start date and time:	2023-11-03 16:32:39 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@14/19@12/114

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.251.163.94, 52.247.199.7, 34.104.35.123, 172.253.63.95, 142.251.167.95, 172.253.115.95, 142.251.111.95, 142.251.16.95, 172.253.122.95, 142.251.163.95, 172.253.62.95
Excluded domains from analysis (whitelisted): clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 3 14:33:14 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.982872004976501
Encrypted:	false
SSDEEP:
MD5:	755366DD4CE70D278C83F4339598A359
SHA1:	91D9690BB73C155F9B53A36BCA1C1146C3A4D973
SHA-256:	8D5ED927AAA65372FD8FEB21447FC501F47F2307B1795E74C60CE7BD90FC3669
SHA-512:	1423053259B009A8A3099EFFB42104B0C1F9573D42350BF21C257A9FBD1DFF6FE799DB960BF7A0BDB8842597A03E40EA7E8D26F71DA5B95A1F492F91913D0D56
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......k...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcW \|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcW&\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcW&\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcW&\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcW(\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 3 14:33:14 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.995070895528522
Encrypted:	false
SSDEEP:
MD5:	C686E7624DA7B505492520F8F1171625
SHA1:	BBD92656ED81252944BB727F6F2A3FAF8ED13490
SHA-256:	27845BBCF0656F6A3EB683C377D743E04D891018C3C6382D76161D19C7F53069
SHA-512:	39B0D555BF8DDF56A97B6EFC17BE5190A036AFC7C907556C4C1F40F848CEE4AF873FF499A969242672EE45E604173DFC850E82319D9C5FDE4EC035D28471B850
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....lw.k...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcW \|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcW&\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcW&\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcW&\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcW(\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006062483914743
Encrypted:	false
SSDEEP:
MD5:	CF44731415F28E45B20D81894405A0F2
SHA1:	68FC7DAA98D6A2051EE1B76FA3C5802ADC1805F5
SHA-256:	2BD624CC036C5676FD002E1F4D0F760A195B8C0954D26F3C3EE946D16711A00A
SHA-512:	73DC6178E8761A60F32CCD90A15DAEA4AC852AF9254C2264B0F5AA856E66658DB7BF7890F4856B2E6E179F2C7F350471611B16DB7F7C7B33716E4376C92C00F3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcW \|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcW&\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcW&\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcW&\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 3 14:33:14 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.99896107071237
Encrypted:	false
SSDEEP:
MD5:	78C63FED1E79CBB2875E81C5B1B486A9
SHA1:	DFEE48E8C5400DA5C24779647D322047EF2838A5
SHA-256:	E72BB7FF5F20221B69D3F4F62B6EAF6993B8BDF017E11386C8E456E00CE5F485
SHA-512:	3B37983D5CE5BCBF6AA42080BD08BF59A6F0B1CD73B0134DA1852FCF628AD89A4C573F4724D73662AE4656D28C55EB4794D0A67FB5105209EF6BB8AF0B65E5F1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......q.k...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcW \|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcW&\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcW&\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcW&\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcW(\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 3 14:33:14 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9849732104745406
Encrypted:	false
SSDEEP:
MD5:	32F74C7FBFD425B9FD17C7A12626BF6E
SHA1:	A94AF2227D9AE07D9546DF1575080B99EBE87564
SHA-256:	4434657A5A555DE5F382DC689CE72B84165E8E805B31EB824EC330AC70773D88
SHA-512:	962D1D9149E229B968DDBF60661FC560F32CA49CCFD408E1A033B203950513B2B4528550F75D90B6CA538DD9333E7226EFB894B8B129A337F6F5CDF7542209EF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....~.k...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcW \|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcW&\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcW&\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcW&\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcW(\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 3 14:33:14 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.994295375126319
Encrypted:	false
SSDEEP:
MD5:	A171B1CD0CC695F5681E010ECEB186D9
SHA1:	8935E42217BD2DC94CF13E30D52599FD99A7C3BB
SHA-256:	A8D45A01680EF8DB47521523FCFAACFC1FBCA8E24CACDB860045FAA44E9F3257
SHA-512:	C277054B2DC0D3F27BEB3250F93E39D530DD3FCB54ED53E20BB118B40355B8FA43721E4FD3632BA0D1F87E5F8D29002F797BDEDA62E4F8A7EADD94B7555D8A00
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Qh.k...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcW \|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcW&\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcW&\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcW&\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcW(\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (580), with CRLF line terminators
Category:	downloaded
Size (bytes):	12204
Entropy (8bit):	5.292285061183377
Encrypted:	false
SSDEEP:
MD5:	4DA9A35F1D4AAAA06127140E05E2C393
SHA1:	A52C4A6D40A297D85EF842DA601345FA5C40EBDE
SHA-256:	AF60BD3A5540BB84FC4027E67DB11F149E4849066700C7F1652B8722439B9103
SHA-512:	F69029F867C283217FB25C8AC6DE6F8B7C670C6D0AD0ACF8F1C1CB30F857D01A72A2B65AEA2A3AF7ED5E38A5534A442910C944FA134EF806BFC78925DA898E55
Malicious:	false
Reputation:	low
URL:	https://trinitycentermri.ramsoftpacs.com/powerreader/ChangePassword.aspx
Preview:	....<!DOCTYPE html>..<html>..<head><title>...RamSoft Login..</title><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width"><meta name="robots" content="noindex"><link rel="apple-touch-icon-precomposed" href="mobile/resources/images/RamSoftIcon.png" /><link rel="shortcut icon" href="favicon.ico" type="image/ico" /><link href="Styles/ramsoft.css" rel="stylesheet" type="text/css" /><link href="Styles/media.css" rel="stylesheet" type="text/css" /><link href="Styles/customizable.css" rel="stylesheet" type="text/css" />.. .. <script type="text/javascript" src="Scripts/jquery-3.5.1.min.js"></script>.. <script type="text/javascript" src="Scripts/jquery.bpopup.min.js"></script>.. <script type="text/javascript" src="Scripts/rsstorage.js"></script>.. <script type="text/javascript" src="Scripts/releasedata.js"></script>......<script type="text/javascript" src="Scripts/locales/en-US.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
URL:	https://trinitycentermri.ramsoftpacs.com/PowerReader/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZHj3NZV-bv_bDvR6mu1kLsz94nB5M7NDha7x5y49O9CGZpXoAm2ZJdhMFkTUTzPsPA2&t=638285885964787378
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
Category:	dropped
Size (bytes):	2238
Entropy (8bit):	5.205305174949124
Encrypted:	false
SSDEEP:
MD5:	5172D95FBC3B777E57BABE3C8220DA6E
SHA1:	7BDF6AE418915187BCF3AEF05C5560038CA56A84
SHA-256:	CFE6124C7586081E88DA8DDBF24852B44105ECE8BD358FFFDCA0EDDA64FAECBF
SHA-512:	2597B4EB5EE3098071C3D1851647B017B04B99F9DA49D9B168DC341C2A805540F2C060D57B0D75DC221AE5A68CD8758F0328982020F450387E3001C55138EEF0
Malicious:	false
Reputation:	low
Preview:	...... ..............(... ...@...................................................'%..97..86..?=..HF..EC..DB..CA..KI..RP..db..ec..fd..fd..db..fd..fd..fd..us..............................................#...#..."..."...!... ... ..........................."...#..."...!...!... ... ...................................................!...1,.....,(..'..)&..0-..0-..<8..=9..;8..96..63..JG..IF..IF..HE..HD..GD..FC..ZV..ZV..YV..XU..YV..XU..XU..WT..WT..WT..fc..gd..gd..eb..fc..^\..ec..db..vs..db..ec..db..ur..db..db..ca..tq..db..ca..b`..b`..ur..b`..om..nl...}...~..............}{............................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 18 tables, 1st "FFTM", 8 names, Microsoft, language 0x409, Copyright (c) 2010-2011 by tyPoland Lukasz Dziedzic with Reserved Font Name "Lato". Licensed und
Category:	downloaded
Size (bytes):	45184
Entropy (8bit):	6.702692811783243
Encrypted:	false
SSDEEP:
MD5:	60FB6FD17AEDB1CE90156C2F714851C3
SHA1:	71DA04DA7634CD0DA2700A6B24F2ECF8A2A7DE81
SHA-256:	D60ADAC573EB17F8D766FA704BCBAA91270144375B685109576CD0B1908F7A95
SHA-512:	E3282C991A523E0050D375F3D3E679DE37DA54BC47B9C215BF481922023548B1CABCE8A536C3266ACFA95F790334C41C41D9429C678C204CD4917DF8B7AC504C
Malicious:	false
Reputation:	low
URL:	https://trinitycentermri.ramsoftpacs.com/powerreader/fonts/lato/Lato-Reg-webfont.ttf
Preview:	........... FFTM`..S...,....GDEF.......H...,GPOS.O.....t....GSUB.......,...0OS/2..y...\...`cmap..K2........cvt .8.........:fpgm../........egasp.......D....glyf.Wd....L....head.......d...6hhea.\|.........$hmtx.7R.........loca...L........maxp...E...h... name;FRN........posta........./prep.L.U...D...9.........o1.....................$.........................................0.>..DFLT..latn............................kern.............................k.........x.x....R.(...N...N....."..........p.N.......R.......Z...............(.....(.............N.N...N.....R.R.R.R.R.R.(...........................................................................x.....x.........E...F...F...........F.#...$.F.&......2...4...9.1.:.1.<...?.1.D...F...G...H...R...T...m.J.o.J.y.J.}.J...F...F...F...F...F...F...F...........................................................................................................................J...J...........J...J...J. .....#...&......2...4...F...G...H...R...T........

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.462814895472355
Encrypted:	false
SSDEEP:
MD5:	02A9906D09AEAD4CB563F56BAE348C83
SHA1:	3F2CC231564AF61ABCE54F8B889349C5B5067426
SHA-256:	DF04D4E4CEFD8EFBC2D9A4892DE34203F46D9227A95B9E2857A49199DA3B8617
SHA-512:	1BBAC4C0AF1283A0B86C327166EC872147DAA431C24C0C78677C94E09223427A2600B21835F66AFE926CE78DD13B1A4AD90203F164E810B81CB46AA65CE88DBF
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmwFiVwJ-s87RIFDR2F-h4SBQ1RhI1D?alt=proto
Preview:	ChoKCw0dhfoeGgQITBgCCgsNUYSNQxoECF8YAg==

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 77

Static File Info

Windows Analysis Report
https://trinitycentermri.ramsoftpacs.com/powerreader/Login.aspx?Menu=3&ResetUID=1.2.124.113540.1.4.419428346.22460.1699024691.366