Windows Analysis Report
https://handbrake.fr/

Overview

General Information

Sample URL: https://handbrake.fr/
Analysis ID: 1400270

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Drops PE files
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Tries to load missing DLLs

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • chrome.exe (PID: 1472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://handbrake.fr/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1984,i,11211144065489940303,8547768803266741001,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3208 --field-trial-handle=1984,i,11211144065489940303,8547768803266741001,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • HandBrake-1.7.3-x86_64-Win_GUI.exe (PID: 3224 cmdline: "C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe" MD5: 1A1598A4F8A2D8D6B1925CB22A74D5AA)
    • HandBrake-1.7.3-x86_64-Win_GUI.exe (PID: 4200 cmdline: "C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe" MD5: 1A1598A4F8A2D8D6B1925CB22A74D5AA)
      • uninstallhb.exe (PID: 4124 cmdline: "C:\Users\user\AppData\Local\Temp\uninstallhb.exe" _?=C:\Program Files\HandBrake MD5: 34A742F98E351D54AE0DF55F9E0E960E)
  • HandBrake.exe (PID: 4608 cmdline: "C:\Program Files\HandBrake\HandBrake.exe" MD5: EE3CBF592C24B1BF04D906DED5C7D1A9)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://handbrake.fr/ | HTTP Parser: No favicon
Source: https://handbrake.fr/rotation.php?file=HandBrake-1.7.3-x86_64-Win_GUI.exe | HTTP Parser: No favicon
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Window detected: < &Back, &Next >, Cancel; Nullsoft Install System v3.09; License Agreement: "Please review the license terms before installing HandBrake 1.7.3. Press Page Down to see the rest of the agreement." (the window shows the text of the GNU General Public License, Version 2, June 1991)
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake\HandBrake.Worker.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake\HandBrake.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake\hb.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake\portable.ini.template
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake\doc
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake\doc\COPYING
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Directory created: C:\Program Files\HandBrake\uninst.exe
Source: unknown | HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown | TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | DNS traffic detected: queries for: handbrake.fr
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: userenv.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: propsys.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: version.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: wldp.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: profapi.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: riched20.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: usp10.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: msls31.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: linkinfo.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: ntshrui.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: cscapi.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: netutils.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: textshaping.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe | Section loaded: iertutil.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: textinputframework.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: coreuicomponents.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: coremessaging.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: ntmarta.dll
Source: C:\Program Files\HandBrake\HandBrake.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exe | Section loaded: wintypes.dll
Source: classification engineClassification label: clean2.win@25/43@11/92
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Program Files\HandBrake
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeMutant created: \Sessions\1\BaseNamedObjects\m
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Users\user\AppData\Local\Temp\nshD517.tmp
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://handbrake.fr/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1984,i,11211144065489940303,8547768803266741001,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3208 --field-trial-handle=1984,i,11211144065489940303,8547768803266741001,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe "C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe"
Source: unknownProcess created: C:\Program Files\HandBrake\HandBrake.exe "C:\Program Files\HandBrake\HandBrake.exe"
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeProcess created: C:\Users\user\AppData\Local\Temp\uninstallhb.exe "C:\Users\user\AppData\Local\Temp\uninstallhb.exe" _?=C:\Program Files\HandBrake
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile written: C:\Users\user\AppData\Local\Temp\nscD595.tmp\ioSpecial.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeWindow detected: < &Back&Next >CancelNullsoft Install System v3.09 Nullsoft Install System v3.09License AgreementPlease review the license terms before installing HandBrake 1.7.3.Press Page Down to see the rest of the agreement. GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 51 Franklin Street Fifth Floor Boston MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. Preamble The licenses for most software are designed to take away yourfreedom to share and change it. By contrast the GNU General PublicLicense is intended to guarantee your freedom to share and change freesoftware--to make sure the software is free for all its users. ThisGeneral Public License applies to most of the Free SoftwareFoundation's software and to any other program whose authors commit tousing it. (Some other Free Software Foundation software is covered bythe GNU Lesser General Public License instead.) You can apply it toyour programs too. When we speak of free software we are referring to freedom notprice. Our General Public Licenses are designed to make sure that youhave the freedom to distribute copies of free software (and charge forthis service if you wish) that you receive source code or can get itif you want it that you can change the software or use pieces of itin new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbidanyone to deny you these rights or to ask you to surrender the rights.These restrictions translate to certain responsibilities for you if youdistribute copies of the software or if you modify it. For example if you distribute copies of such a program whethergratis or for a fee you must give the recipients all the rights thatyou have. You must make sure that they too receive or can get thesource code. 
And you must show them these terms so they know theirrights. We protect your rights with two steps: (1) copyright the software and(2) offer you this license which gives you legal permission to copydistribute and/or modify the software. Also for each author's protection and ours we want to make certainthat everyone understands that there is no warranty for this freesoftware. If the software is modified by someone else and passed on wewant its recipients to know that what they have is not the original sothat any problems introduced by others will not reflect on the originalauthors' reputations. Finally any free program is threatened constantly by softwarepatents. We wish to avoid the danger that redistributors of a freeprogram will individually obtain patent licenses in effect making theprogram proprietary. To prevent this we have made it clear that anypatent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution andmodifi
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake\HandBrake.Worker.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake\HandBrake.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake\hb.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake\portable.ini.template
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake\doc
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake\doc\COPYING
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDirectory created: C:\Program Files\HandBrake\uninst.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Program Files\HandBrake\HandBrake.Worker.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Users\user\AppData\Local\Temp\nscD595.tmp\InstallOptions.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Program Files\HandBrake\HandBrake.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Users\user\AppData\Local\Temp\nscD595.tmp\System.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Program Files\HandBrake\hb.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\Program Files\HandBrake\uninst.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\02ec9df8-6326-4f7e-ba2f-f166e5344fcd.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 354143.crdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake\HandBrake.lnk
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake\Uninstall.lnk
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\uninstallhb.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDropped PE file which has not been started: C:\Program Files\HandBrake\HandBrake.Worker.exe
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscD595.tmp\InstallOptions.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscD595.tmp\System.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeDropped PE file which has not been started: C:\Program Files\HandBrake\hb.dll
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile Volume queried: C:\Program Files FullSizeInformation
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeFile Volume queried: C:\Program Files\HandBrake FullSizeInformation
Source: C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exeQueries volume information: C:\ VolumeInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 2 File and Directory Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://handbrake.fr/ | 0% | Avira URL Cloud | safe | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\Downloads\Unconfirmed 354143.crdownload | 0% | ReversingLabs | | |
| C:\Program Files\HandBrake\HandBrake.Worker.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nscD595.tmp\InstallOptions.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nscD595.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Program Files\HandBrake\HandBrake.exe | 0% | ReversingLabs | | |
| C:\Program Files\HandBrake\hb.dll | 3% | ReversingLabs | | |
| C:\Program Files\HandBrake\uninst.exe | 0% | ReversingLabs | | |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| handbrake.fr | 46.105.55.28 | true | false | | high |
| github.com | 140.82.114.4 | true | false | | high |
| c-0005.c-msedge.net | 13.107.4.50 | true | false | | unknown |
| www.google.com | 142.251.167.104 | true | false | | high |
| objects.githubusercontent.com | 185.199.109.133 | true | false | | unknown |
| repository.certum.pl | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://handbrake.fr/rotation.php?file=HandBrake-1.7.3-x86_64-Win_GUI.exe | false | | high |
| https://handbrake.fr/ | false | | high |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 140.82.114.4 | github.com | United States | | 36459 | GITHUBUS | false |
| 1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false |
| 142.251.167.101 | unknown | United States | | 15169 | GOOGLEUS | false |
| 172.253.63.94 | unknown | United States | | 15169 | GOOGLEUS | false |
| 172.253.63.138 | unknown | United States | | 15169 | GOOGLEUS | false |
| 142.251.167.104 | www.google.com | United States | | 15169 | GOOGLEUS | false |
| 172.253.62.84 | unknown | United States | | 15169 | GOOGLEUS | false |
| 172.253.122.94 | unknown | United States | | 15169 | GOOGLEUS | false |
| 23.207.202.34 | unknown | United States | | 20940 | AKAMAI-ASN1EU | false |
| 239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
| 46.105.55.28 | handbrake.fr | France | | 16276 | OVHFR | false |
| 185.199.109.133 | objects.githubusercontent.com | Netherlands | | 54113 | FASTLYUS | false |
| 23.48.104.107 | unknown | United States | | 20940 | AKAMAI-ASN1EU | false |

| IP |
|---|
| 192.168.2.16 |

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1400270
Start date and time: 2024-02-28 15:48:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://handbrake.fr/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean2.win@25/43@11/92
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 172.253.63.94, 142.251.167.101, 142.251.167.139, 142.251.167.100, 142.251.167.113, 142.251.167.102, 142.251.167.138, 172.253.62.84, 34.104.35.123
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: https://handbrake.fr/
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:PE32+ executable (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):730174
                  Entropy (8bit):6.965572228442671
                  Encrypted:false
                  SSDEEP:
                  MD5:94D1E5AA26613B328286AF8539EAD1C6
                  SHA1:A95A082A2E49D8A69FC274AABE6BCDC3A6264A8D
                  SHA-256:53748F879F972D9ABFC6BB528C9C9A95FD6D1C7462FBB7B61A665B95F71B95C5
                  SHA-512:2906955925E33E960968D9AFA08A136B497045F586FBDC11776EE5FF701D22DDBA2A0F11EE0F435E30B7F86D7D65F32D9E76C3A0B1801F679CC8D796F5964D84
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):37322965
                  Entropy (8bit):6.457322647708653
                  Encrypted:false
                  SSDEEP:
                  MD5:EE3CBF592C24B1BF04D906DED5C7D1A9
                  SHA1:1931BDD5D120635C357B3000DFF08EC9110CE1E3
                  SHA-256:EE818FE194C29F1F31D6EDFFEB8256405618DAB251F3765BBBACFB91EA666336
                  SHA-512:97B52ABF6CAB8540BB7E6467EDDAF02199C34FB40EB561EE022E626F9976E9A6D5B1006D053F2F1234C4A8760D686A6DFECE1C5FD25483FF2D67BAE43E38D8AC
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):18091
                  Entropy (8bit):4.666505406573476
                  Encrypted:false
                  SSDEEP:
                  MD5:39BBA7D2CF0BA1036F2A6E2BE52FE3F0
                  SHA1:1D8C93712CBC9117A9E55A7FF86CEBD066C8BFD8
                  SHA-256:F9C375A1BE4A41F7B70301DD83C91CB89E41567478859B77EEF375A52D782505
                  SHA-512:C36527C31BC2BC5A919DF62DE75C8EEB73234A8A9854CF6C2F5730D6994BAEC616B99EB54027B3D9D3F597C146F2CB1F42C7C23E1224F739B234CBAF780F73FB
                  Malicious:false
                  Reputation:unknown
                  Preview: GNU GENERAL PUBLIC LICENSE. Version 2, June 1991.. Copyright (C) 1989, 1991 Free Software Foundation, Inc.,. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed... Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.License is intended to guarantee your freedom to share and change free.software--to make sure the software is free for all its users. This.General Public License applies to most of the Free Software.Foundation's software and to any other program whose authors commit to.using it. (Some other Free Software Foundation software is covered by.the GNU Lesser General Public License instead.) You can apply it to.your programs, too... When we speak of free software, we are referring to freedom, no
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):69270528
                  Entropy (8bit):6.832495220161241
                  Encrypted:false
                  SSDEEP:
                  MD5:D3F0F312725A18D683820CD9DEF15860
                  SHA1:521A515D3683E4C37500FCD6576AA19BFFA0E512
                  SHA-256:0AF40481A7C392C68069B1A8C225BEB3E7062760131AE09BAD467D84B09C1862
                  SHA-512:08A346C13F9C602E8FF51C3F461DC9002DC5AC1F16E975E53F39E094D9FA7F7934E7EF63DAAEDF10D0524B80308DD6EE792E706B3999CAFA0FD07CE4F76CE2E0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 3%
                  Reputation:unknown
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:Unicode text, UTF-8 (with BOM) text
                  Category:dropped
                  Size (bytes):1653
                  Entropy (8bit):4.609172811541226
                  Encrypted:false
                  SSDEEP:
                  MD5:A55A14ACDB96D6F87B3C5E906FD338A8
                  SHA1:E51CD75065E0F53AF1E96F532569F3B7B9508771
                  SHA-256:81D2A215AF90F34439F598B02E330654D5D71C7667106F97A143CB319BF9B5E0
                  SHA-512:F5403E9C53C930E9BB111A79D6A098037CD48B0B44E29B21021E0FD623977BD2BFAFA1B0EC8BE804FB23ED798132005D426F8E0B2A7B6B581CB810460C3B7B00
                  Malicious:false
                  Reputation:unknown
                  Preview:.#################################.# HandBrake Portable.#################################.# Notes:.# - Rename this file to portable.ini to activate feature..#.# - storage.dir => Stores Presets, Settings and Log Files. (See Note 1).# - tmp.dir => Temporary files only. i.e Preview images (See Note 1).# - update.check => true | false (false disables the update check preference and disables update checking completely. true enables user-choice.).# - hardware.enabled => true | false (Enables the hardware encoders such as QSV, NVENC or VCE).# - process.isolation.enabled => true | false (See Note 2).# - software.render => true | false (Only set to true if you are experiencing UI corruption or glitches).# - theme.enabled => true | false (default true, false disables dark and light themes and uses stock framework appearence.).#.# Note 1:.# Set to 'cwd' to use the current applications directory. It will automat
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                  Category:dropped
                  Size (bytes):158494
                  Entropy (8bit):7.511525022873808
                  Encrypted:false
                  SSDEEP:
                  MD5:34A742F98E351D54AE0DF55F9E0E960E
                  SHA1:4728F7DE81363EC7ABF1EF13554F686AD4D9B844
                  SHA-256:61DC21D487D79715C38347F3D6FA95D33F230706677737F4B55D820223E99356
                  SHA-512:5A65D1F7FF8CEDDA2D673402BEF528B6EFE5B5DAECD2131720A2A172AEE29A18AC61B0B48249CA8D9B461017DBA735797047C0CB012FFCC5BA044778932B4F89
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Feb 10 21:57:54 2024, mtime=Wed Feb 28 13:50:12 2024, atime=Sat Feb 10 21:57:54 2024, length=37322965, window=hide
                  Category:dropped
                  Size (bytes):891
                  Entropy (8bit):4.566252700459163
                  Encrypted:false
                  SSDEEP:
                  MD5:B64EEA4103A36DB1E1852D8BBFD65344
                  SHA1:7F1212FD27A8B600845ECB512FF2DE3E99DDD9A9
                  SHA-256:3B9672748B5870F832D04ED3BBA85AD46CC3D315A4ED972ADAD059498BC3F886
                  SHA-512:1133AE582A58882DE888F81422DD6E5B874CB4BA4AB5BEE152A11C1F90948B91EF9B96002566CAFCC915F982D43BE05A55F641228469810A0741E53516FAC069
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.... .......t\..tz.nUj......t\...9..........................P.O. .:i.....+00.../C:\.....................1.....\XFv..PROGRA~1..t......O.I\XFv....B...............J.....D.a.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....\.1.....\XJv..HANDBR~1..D......\XFv\XJv...........................qv.H.a.n.d.B.r.a.k.e.....h.2..9.JX;. .HANDBR~2.EXE..L......JX;.\XGv....&.........................H.a.n.d.B.r.a.k.e...e.x.e.......W...............-.......V..............i.....C:\Program Files\HandBrake\HandBrake.exe..7.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.a.n.d.B.r.a.k.e.\.H.a.n.d.B.r.a.k.e...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.a.n.d.B.r.a.k.e.\.d.o.c.`.......X.......258555...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                  Category:dropped
                  Size (bytes):589
                  Entropy (8bit):2.8296129697018704
                  Encrypted:false
                  SSDEEP:
                  MD5:F560D717E8BD6754EC81E895C2EF65F8
                  SHA1:F8DB4E809743C3D1462A3B969FFCE71645EE579E
                  SHA-256:FB1B101FABA4194D51E31A6020D0CD2A32323D6A3DA64644D1E9727E21169FAD
                  SHA-512:5AED86AFA13FCD740B181587368F0DEA291C7391C16FAA23FE11963CC7C64B44C040C60BB0AE16FEA272F1F715DB9A7C5E807E7151AFB7C2720D10AF846D32C9
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F........................................................S....P.O. .:i.....+00.../C:\...................h.1...........Program Files.L............................................P.r.o.g.r.a.m. .F.i.l.e.s.....\.1...........HandBrake.D............................................H.a.n.d.B.r.a.k.e.....`.2...........uninst.exe..F............................................u.n.i.n.s.t...e.x.e.......4.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.a.n.d.B.r.a.k.e.\.u.n.i.n.s.t...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.a.n.d.B.r.a.k.e.\.d.o.c.....
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Feb 10 21:57:54 2024, mtime=Wed Feb 28 13:50:19 2024, atime=Sat Feb 10 21:57:54 2024, length=37322965, window=hide
                  Category:dropped
                  Size (bytes):873
                  Entropy (8bit):4.588820311900055
                  Encrypted:false
                  SSDEEP:
                  MD5:4573B6EB513560A876046DF311DCEF01
                  SHA1:3908CA218E51E576A5E96572069652B74DB84771
                  SHA-256:0057960E8A4C1A0B70740BECB97BF072097B22BADB8CECD247E8225E406B7383
                  SHA-512:6EA8F69A1A92C70E64AF56ACD4AD2E8919AB9165D8FF8221BFA3838CE3EB05736B70966A70F6B4854E4E6E41D07B126499B34F61D6E5DE3C91A68E58F9C78E1C
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.... .......t\...p.rUj......t\...9..........................P.O. .:i.....+00.../C:\.....................1.....\XFv..PROGRA~1..t......O.I\XFv....B...............J.....D.a.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....\.1.....\XJv..HANDBR~1..D......\XFv\XJv...........................qv.H.a.n.d.B.r.a.k.e.....h.2..9.JX;. .HANDBR~2.EXE..L......JX;.\XGv....&.........................H.a.n.d.B.r.a.k.e...e.x.e.......W...............-.......V..............i.....C:\Program Files\HandBrake\HandBrake.exe........\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.a.n.d.B.r.a.k.e.\.H.a.n.d.B.r.a.k.e...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.H.a.n.d.B.r.a.k.e.\.d.o.c.`.......X.......258555...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Certificate, Version=3
                  Category:dropped
                  Size (bytes):959
                  Entropy (8bit):7.299068655276023
                  Encrypted:false
                  SSDEEP:
                  MD5:D5E98140C51869FC462C8975620FAA78
                  SHA1:07E032E020B72C3F192F0628A2593A19A70F069E
                  SHA-256:5C58468D55F58E497E743982D2B50010B6D165374ACF83A7D4A32DB768C4408E
                  SHA-512:9BD164CC4B9EF07386762D3775C6D9528B82D4A9DC508C3040104B8D41CFEC52EB0B7E6F8DC47C5021CE2FE3CA542C4AE2B54FD02D76B0EABD9724484621A105
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                  Category:dropped
                  Size (bytes):69211
                  Entropy (8bit):7.995787876711886
                  Encrypted:true
                  SSDEEP:
                  MD5:753DF6889FD7410A2E9FE333DA83A429
                  SHA1:3C425F16E8267186061DD48AC1C77C122962456E
                  SHA-256:B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
                  SHA-512:9D56F79410AD0CF852C74C3EF9454E7AE86E80BDD6FF67773994B48CCAC71142BCF5C90635DA6A056E1406E81E64674DB9584928E867C55B77B59E2851CF6444
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):192
                  Entropy (8bit):2.7219186440897682
                  Encrypted:false
                  SSDEEP:
                  MD5:FD6C1C53EB128F17F69D94B046452FF5
                  SHA1:23CA8CB4984658BB86A6560A4344F4FE8982BA19
                  SHA-256:42E8D20C9F2A7D74D04F185C5B1E127CDABFFD5541382AA4426673603246FFD5
                  SHA-512:0DDABE148574A4B6CDEE6C704508D292CB181D0D1C8BE64F445ECF9756D733EE78A3BDE6C1B139647F8E471A035F8CA6777ADAD344C98590CE5AE5AAC58187D5
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ....L......`Uj..(....................................................... ........N.q........................h.t.t.p.:././.r.e.p.o.s.i.t.o.r.y...c.e.r.t.u.m...p.l./.c.t.n.c.a...c.e.r...
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):330
                  Entropy (8bit):3.1403893774666574
                  Encrypted:false
                  SSDEEP:
                  MD5:0EB0BEB4BF9B34B1D12964ED462E2A84
                  SHA1:D45EBD70154D5088DEFFBEF33422BEE4169ECEEA
                  SHA-256:29D014DE015EDBD554ADB0E48A15306BBD1CB998CC9C41CB3C0EF03138736492
                  SHA-512:94C318A7EAFDBC02CA836D58CAD647C4EC27C515165DF62F9C25309D417F3FD8C1B917587C5668E16DD5F0A3EEB92B715EFFE8CAC2805BA0A17D365806478A43
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ..........R`Uj..(....................................................... .........;.i......(...........[...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".2.c.8.3.b.1.3.b.a.f.6.9.d.a.1.:.0."...
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):15872
                  Entropy (8bit):5.471472713414473
                  Encrypted:false
                  SSDEEP:
                  MD5:D095B082B7C5BA4665D40D9C5042AF6D
                  SHA1:2220277304AF105CA6C56219F56F04E894B28D27
                  SHA-256:B2091205E225FC07DAF1101218C64CE62A4690CACAC9C3D0644D12E93E4C213C
                  SHA-512:61FB5CF84028437D8A63D0FDA53D9FE0F521D8FE04E96853A5B7A22050C4C4FB5528FF0CDBB3AE6BC74A5033563FC417FC7537E4778227C9FD6633AE844C47D9
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):12288
                  Entropy (8bit):5.805604762622714
                  Encrypted:false
                  SSDEEP:
                  MD5:4ADD245D4BA34B04F213409BFE504C07
                  SHA1:EF756D6581D70E87D58CC4982E3F4D18E0EA5B09
                  SHA-256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
                  SHA-512:1BD260CABE5EA3CEFBBC675162F30092AB157893510F45A1B571489E03EBB2903C55F64F89812754D3FE03C8F10012B8078D1261A7E73AC1F87C82F714BCE03D
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:modified
                  Size (bytes):1346
                  Entropy (8bit):3.695317452368503
                  Encrypted:false
                  SSDEEP:
                  MD5:26A93F0B123303589B28BC78DB488259
                  SHA1:3589B2C43D5F0F135D682CB6B901275088335E03
                  SHA-256:B6CEC9256C2753EA9E4317BF14C2389CFAB6EC4D0A0A56716B4C21C402E15809
                  SHA-512:F65F8E5DF9115051293224F506838E64E85FFC16CDB0F8C6FE911EF29BF3EAA49C28A0C7BBF9EB6E6EFDF50895034165BE913C375736AED8BFCAB530D0C76CA1
                  Malicious:false
                  Reputation:unknown
                  Preview:..[.S.e.t.t.i.n.g.s.].....R.e.c.t.=.1.0.4.4.....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.....N.e.x.t.B.u.t.t.o.n.T.e.x.t.=.&.F.i.n.i.s.h.....C.a.n.c.e.l.E.n.a.b.l.e.d.=.....S.t.a.t.e.=.0.....[.F.i.e.l.d. .1.].....T.y.p.e.=.b.i.t.m.a.p.....L.e.f.t.=.0.....R.i.g.h.t.=.1.0.9.....T.o.p.=.0.....B.o.t.t.o.m.=.1.9.3.....F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T.....T.e.x.t.=.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.c.D.5.9.5...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....H.W.N.D.=.5.2.4.9.7.8.....[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.0.....T.e.x.t.=.C.o.m.p.l.e.t.i.n.g. .H.a.n.d.B.r.a.k.e. .1...7...3. .S.e.t.u.p.....B.o.t.t.o.m.=.3.8.....H.W.N.D.=.3.2.8.3.5.2.....[.F.i.e.l.d. .3.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.4.5.....B.o.t.t.o.m.=.8.5.....T.e.x.t.=.H.a.n.d.B.r.a.k.e. .1...7...3. .h.a.s. .b.e.e.n. .i.n.s.t.a.l.l.e.d. .o.n. .y.o.u.r. .c.o.m.p.u.t.e.r...\.r.\.n.\.r.\.n.C.
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:PC bitmap, Windows 3.x format, 164 x 314 x 8, resolution 2834 x 2834 px/m, 256 important colors, cbSize 52574, bits offset 1078
                  Category:dropped
                  Size (bytes):52574
                  Entropy (8bit):2.732433364316799
                  Encrypted:false
                  SSDEEP:
                  MD5:FE27AF40D69D1F2A72076894E0E6892A
                  SHA1:949BA274D2B6122918BB70E557C0D4E573478088
                  SHA-256:E668F52179D72316CE77862E42708927C5DEEE34E37CE83AD883CD0E0B3D44EF
                  SHA-512:23DBAE163948992D1A34CCF6BF9CDCF1B5387E9D6ABB2B42056C88528738411E53E73AFF0D8D8B5BA3C302D858F74C6803F7D70471318E684D29229FA90FB271
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Downloads\HandBrake-1.7.3-x86_64-Win_GUI.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1346
                  Entropy (8bit):3.687603139401567
                  Encrypted:false
                  SSDEEP:
                  MD5:C5C30FB89095C31BC33E9F0E662AA1A7
                  SHA1:5715816FA5EB2C97B2BCBDEC4E88778C5E21E734
                  SHA-256:AB4F9BCA9D268DCCDDC6E3E03A51D8C9FE3D85794DC50131BEA5AC8057E8C05B
                  SHA-512:9568E1C255F64649AD0DE9038EAA7F7A4D1D2DFBF4589DAAE2E9B1E8F66A366B11548D8DF031B46CDBC77E814B83C0056D9DB09244F73B216CCC00C121131C85
                  Malicious:false
                  Reputation:unknown
                  Preview:..[.S.e.t.t.i.n.g.s.].....R.e.c.t.=.1.0.4.4.....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.....N.e.x.t.B.u.t.t.o.n.T.e.x.t.=.&.F.i.n.i.s.h.....C.a.n.c.e.l.E.n.a.b.l.e.d.=.....S.t.a.t.e.=.0.....[.F.i.e.l.d. .1.].....T.y.p.e.=.b.i.t.m.a.p.....L.e.f.t.=.0.....R.i.g.h.t.=.1.0.9.....T.o.p.=.0.....B.o.t.t.o.m.=.1.9.3.....F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T.....T.e.x.t.=.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.d.1.8.1.C...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....H.W.N.D.=.3.9.3.9.4.4.....[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.0.....T.e.x.t.=.C.o.m.p.l.e.t.i.n.g. .H.a.n.d.B.r.a.k.e. .1...7...3. .S.e.t.u.p.....B.o.t.t.o.m.=.3.8.....H.W.N.D.=.5.9.0.4.3.8.....[.F.i.e.l.d. .3.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.4.5.....B.o.t.t.o.m.=.8.5.....T.e.x.t.=.H.a.n.d.B.r.a.k.e. .1...7...3. .h.a.s. .b.e.e.n. .i.n.s.t.a.l.l.e.d. .o.n. .y.o.u.r. .c.o.m.p.u.t.e.r...\.r.\.n.\.r.\.n.C.
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 28 13:48:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2673
                  Entropy (8bit):3.9810663537792634
                  Encrypted:false
                  SSDEEP:
                  MD5:E5B795024658660456F83FD58D229CA9
                  SHA1:9304C8E8FB5EF2466EE4A236EDEC93D9BEE79A6D
                  SHA-256:2C3BE1DEB4ED05371AA7E12846FD8D888EA62FA648C04E39FBC62987C614C599
                  SHA-512:6190FBCB3C7087BAAE56388FE07B09632D8E85D7BD69345780EC82E45203F39B33A66A7FCAA0EB4CD1082EBAFAEAB734AD59A1FBBE4BFA37A98BFAE67AEC8C8C
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,....?./?Uj..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\X.v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............i.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 28 13:48:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2675
                  Entropy (8bit):3.9971048256427877
                  Encrypted:false
                  SSDEEP:
                  MD5:64DDAE024EECEA53B6C36537AEAD7F4B
                  SHA1:36733C7B0B085E0B63E18346A5271D2E0F43AF90
                  SHA-256:5DA8C3047A33C95FA3530D4B6946A971CB5013C9CA7D6F4928528F8C1658CF0F
                  SHA-512:CA919F60C46F303AA7DA968B7F67CDF04099470D1F887DD7D2EA87EC8AFA47B470239F64F5304E883BD1D71E28F654A80B526CA9895885C3BE35B392B1FBE704
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,....4.#?Uj..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\X.v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............i.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2689
                  Entropy (8bit):4.002597296778028
                  Encrypted:false
                  SSDEEP:
                  MD5:B97C63FD617B185A9BEAB3127725F52B
                  SHA1:61DDF49A0E8DB40E791C90B45180504DC266BC7D
                  SHA-256:B3643BCFDCE398BA9B3D654A5DB5A365B07378AF3DB3EF76D188EDA3F1E852B3
                  SHA-512:15C6C5CF4BE8A1B0E2C219C92166A04EA4D8602EE9E67A54AA9F6C12635172E61825A4AB4620F324F68EB2F20F62875D9347B324D57848FADF4B7D5F8A585AF3
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............i.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 28 13:48:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.9956854793923093
                  Encrypted:false
                  SSDEEP:
                  MD5:4B66EF3E901168FAF9370CD06DC6E240
                  SHA1:03ADCD4F5E2FBF06840D26DD17D9DED583128770
                  SHA-256:0727C68A432B4C3A99A872CED61B757891D692D1D1420C6A0B52F5CF3193FBBF
                  SHA-512:939744771B543F16B748E89A870BCC55CADBA91D6A409F3442B3540DA7CC4829DE47B511AE502C242DD80422EEE1FD06746D2026FC00238C753F9056C2C75252
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 28 13:48:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.98507769883707
                  Encrypted:false
                  SSDEEP:
                  MD5:D80651957CBA987509683AD43A73D0C6
                  SHA1:B95A70E0A46BE09E3ECFCDC188458E8939AC3DB3
                  SHA-256:4360BC66E26D58CF09DB41B37DEFAD12A81688FF03D45DE037E4287D0F7ADDE3
                  SHA-512:50E9EFFAD38713DB9B8AD264013108F824F4A689C309459231EDD3F310D206EA84E05925652A22E2C2F87AFC98A6DA256E6261F22BF648913F1EAEBFF71E2DBE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 28 13:48:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):3.991719058326596
                  Encrypted:false
                  SSDEEP:
                  MD5:2C8C12D70E5818E2AF72B240BDFBF2E3
                  SHA1:AD8C0F8CEBECDC93E2B6BDC75BBF30A637A8C9D4
                  SHA-256:EE026CCC06E308FB338E11040C826485A77FBE20A7890C3CDF2C45B4FAD933F3
                  SHA-512:2B05FEBD2A57688BD98F550B9DAD4948FD577D6DE87E331AF943A02336FE01531FAE417CAD06802D456D713D6393DFA67D0FC0C7569E75A2A01B4B749EC7863B
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):6.268228806353402
                  Encrypted:false
                  SSDEEP:
                  MD5:AA2D05C8942C4BB053A4F78224429FF9
                  SHA1:4E25C378A0848FC4E63819F25E4EFCD2C375070B
                  SHA-256:A77F0F70F37633B0BFC9035B6C7AB3E6DC32DAAD4B06B73CA346BAF256803205
                  SHA-512:A09D6FFAFB167751D95E65F70C765CCC60082E610DB2BE2DDEB0DA7A810BB623148AE183C6EBF47D80B5F3EC68A42A1D9F795C620F915655ECC1EA07B80876C8
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:1A1598A4F8A2D8D6B1925CB22A74D5AA
                  SHA1:CE693673A6F207BE639FC07D21F90833DC386072
                  SHA-256:F80829D30029BA255675929587F2B6665DE2790E52B24845B92D1427C8893264
                  SHA-512:63706B168AA11C6370A36FCE9D73B585486F2A9E396C183EB725430F70A67D5C301701823B1E566B70A601443B748AD428DE2C91E507B4A8F8D14E344571A18F
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                  Category:dropped
                  Size (bytes):23646760
                  Entropy (8bit):7.999886679917968
                  Encrypted:true
                  SSDEEP:
                  MD5:1A1598A4F8A2D8D6B1925CB22A74D5AA
                  SHA1:CE693673A6F207BE639FC07D21F90833DC386072
                  SHA-256:F80829D30029BA255675929587F2B6665DE2790E52B24845B92D1427C8893264
                  SHA-512:63706B168AA11C6370A36FCE9D73B585486F2A9E396C183EB725430F70A67D5C301701823B1E566B70A601443B748AD428DE2C91E507B4A8F8D14E344571A18F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format, TrueType, length 14036, version 1.0
                  Category:downloaded
                  Size (bytes):14036
                  Entropy (8bit):7.963593700527412
                  Encrypted:false
                  SSDEEP:
                  MD5:1281B6468AA3D7D9F458CE9A65E9844F
                  SHA1:8C729688429E722E7E7908187968FFEB4F320EF1
                  SHA-256:0279BE322D37874419A3C4F4104D16F10440F5F10300A8341FE45FD70EFF5905
                  SHA-512:BE1E5E712BED300DEF0D0B8F7B813F08FDED5F37FC03CD2E426C28B7B6DBA090689251C3B131FC674DAEF73D30A48E9E74863A6DEEE4747FB66B51A4111664BA
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/fonts/OpenSans-Bold-webfont.woff
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (2464)
                  Category:downloaded
                  Size (bytes):18325
                  Entropy (8bit):5.081830973592617
                  Encrypted:false
                  SSDEEP:
                  MD5:AB57E7EE209595BC9BF4C42598270FE5
                  SHA1:64BC950511C99E9EE43472B95C5D97733DF174CE
                  SHA-256:E122E8EB81EE643373B14A806454FC1F15EF58B749718546F1C94DD7DDB5B93E
                  SHA-512:4FA1E8DF14CDFCEE60510F197F963AF5A09CDC03EAE6E638F28D506E74A531A0D06F30B25DDE4233B061895FA7A81936BD8503B9E6EFE285B7099F64E32A72AF
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/css/main.css
                  Preview:/*! normalize.css v1.1.0 | MIT License | git.io/normalize */.article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none;height:0}[hidden]{display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}html,button,input,select,textarea{font-family:sans-serif}body{margin:0}a:focus{outline:thin dotted}a:active,a:hover{outline:0;text-decoration:none}h1{font-size:2em;margin:.67em 0}h2{font-size:1.5em;margin:.83em 0}h3{font-size:1.17em;margin:1em 0}h4{font-size:1em;margin:1.33em 0}h5{font-size:.83em;margin:1.67em 0}h6{font-size:.67em;margin:2.33em 0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}blockquote{margin:1em 40px}dfn{font-style:italic}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}mark{background:#ff0;color:#000}p,pre{margin:1em 0}code,kbd,pre,samp{font-family:monospace,serif;_font-family
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format, TrueType, length 15836, version 1.0
                  Category:downloaded
                  Size (bytes):15836
                  Entropy (8bit):7.96401030594799
                  Encrypted:false
                  SSDEEP:
                  MD5:FEC74383F4372829103A61220272DA47
                  SHA1:A535C0776F9B9C60C620DEEA91A4F14B466D3C27
                  SHA-256:52C00140F225C746D68DFE91C701A02ECBD1EB2D984E2E799317E5BB80D6673A
                  SHA-512:CA63BBD4B0F5C9A3FFCC99E05EB923260C1BC65D88338F64468DC469D175CD62DFD97332620A1FE9341AED19053BBFDA1ABA72C4CBABFECAA9CFD151BC3C74FD
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/fonts/OpenSans-Italic-webfont.woff
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.3.4], baseline, precision 8, 591x392, components 3
                  Category:dropped
                  Size (bytes):53399
                  Entropy (8bit):7.915616610617477
                  Encrypted:false
                  SSDEEP:
                  MD5:88DAEBEB235B65556387B483536CBEA4
                  SHA1:3FB779874BFD0496928D6FB089744D1F6F84DFE5
                  SHA-256:BB75F0068924A3965C907BBF89D2B3B11B58E154701445A5A6BCB6DDCB4D258F
                  SHA-512:F5EF70A8BFDC3563F0F127E859A46970D6444FC7AEC70EBAD1B0A698095157A2E335B0A807A68F6273A967402A2033BF1EE4191854CEE32D404A5944C1649921
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, Unicode text, UTF-8 text
                  Category:downloaded
                  Size (bytes):5883
                  Entropy (8bit):4.647312621785411
                  Encrypted:false
                  SSDEEP:
                  MD5:16273009162E85161AA16C75406A6ACE
                  SHA1:F711E33A59EEF28960411954E2636860149AE555
                  SHA-256:1DAD2A65417024CD31261B5447B93FB6663AE61F4500F435DF0CD45BA4D1316A
                  SHA-512:6F3B064DE192072E395F2F4A6BBE9ED8A618EDAB1BB049F2079D0ACED2346E276F786AFFDAA6E48E02B1D44022C7FA2154D6C01CDAE4CF7B10F9D24BA971138D
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/
                  Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <title>HandBrake: Open Source Video Transcoder</title>. <meta name="description" content="HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded video transcoder.">. <meta name="viewport" content="width=device-width">..<meta name="author" content="https://ethercycle.com/">. <link rel="stylesheet" href="css/main.css">. <link rel="alternate" type="application/rss+xml" title="HandBrake RSS Feed" href="/rss.php" />. EU cookie consent -->. <link rel="stylesheet" type="text/css" href="css/cookieconsent.min.css" />. <script src="js/vendor/cookieconsent.min.js"></script>.. <script>. window.addEventListener("load", function(){. window.cookieconsent.initialise({. "palette": {. "popup": {. "background": "#252e39". },. "button": {. "background": "#14a7d0".
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.3.4], baseline, precision 8, 591x390, components 3
                  Category:downloaded
                  Size (bytes):52947
                  Entropy (8bit):7.882097849410047
                  Encrypted:false
                  SSDEEP:
                  MD5:D3CEF41E19BEB807EE191C04AC1AF0DD
                  SHA1:A8DBE3AF245443DB3AE4A03FD581377EC092222D
                  SHA-256:1DA71133B0D4ADF8FCF6A98AD5AF574E243A55C1DB057DE0A12A7E2302A95277
                  SHA-512:10C40DC56282A163D2DD40AF9E30B23F0B24A3B55514F4CB7EE8932821FE0BF2E6AEAB0F473DD8F4242A76C366BA3686F4C10D1281309762C595797516F34D7C
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/img/slides/slide1_win.jpg
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (1460)
                  Category:downloaded
                  Size (bytes):4959
                  Entropy (8bit):4.822629034423409
                  Encrypted:false
                  SSDEEP:
                  MD5:AA20AB43CDFF78EB5B39E582F9AD5D76
                  SHA1:1AC1F45E49BA10F0212C1CF66B915331AEA38EBC
                  SHA-256:D189C5EC40FC4EE02F43E336D1C7C6C99CEDC0EF397A5C5F225DEBE5A4FBB6F1
                  SHA-512:FE7CECF86821B8E08CC1CB0B37B47F29C6DE949A283FE8BF4DB3803F8CE1CF7FC2D92B4D09FAD8E34DCCAF1007E7FCB2A7F477A5778C74ACB6B50448DD46162C
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/css/cookieconsent.min.css
                  Preview:.cc-window{opacity:1;-webkit-transition:opacity 1s ease;transition:opacity 1s ease}.cc-window.cc-invisible{opacity:0}.cc-animate.cc-revoke{-webkit-transition:transform 1s ease;-webkit-transition:-webkit-transform 1s ease;transition:-webkit-transform 1s ease;transition:transform 1s ease;transition:transform 1s ease,-webkit-transform 1s ease}.cc-animate.cc-revoke.cc-top{-webkit-transform:translateY(-2em);transform:translateY(-2em)}.cc-animate.cc-revoke.cc-bottom{-webkit-transform:translateY(2em);transform:translateY(2em)}.cc-animate.cc-revoke.cc-active.cc-top{-webkit-transform:translateY(0);transform:translateY(0)}.cc-animate.cc-revoke.cc-active.cc-bottom{-webkit-transform:translateY(0);transform:translateY(0)}.cc-revoke:hover{-webkit-transform:translateY(0);transform:translateY(0)}.cc-grower{max-height:0;overflow:hidden;-webkit-transition:max-height 1s;transition:max-height 1s}..cc-revoke,.cc-window{position:fixed;overflow:hidden;-webkit-box-sizing:border-box;box-sizing:border-box;font-
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                  Category:downloaded
                  Size (bytes):6518
                  Entropy (8bit):5.0709265390605625
                  Encrypted:false
                  SSDEEP:
                  MD5:F15302998C737C450664C72A4FE2362E
                  SHA1:618477CD2E582C1C68C5D82F2CD5DC19B6A45266
                  SHA-256:4CE472694AEE510DB0D90A5439D08E465BF3C4CE9CAA61BCB554B9B77E414E31
                  SHA-512:8F40E64D39CC358B7D2A7A9F09C12FFD955C991853056A7F7B32B4FB84B5D9965687A7D712853680549FCD419762C0B5CCE2083048C2DCC4AB253055B00393CA
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/favicon.ico
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format, TrueType, length 13988, version 1.0
                  Category:downloaded
                  Size (bytes):13988
                  Entropy (8bit):7.960184831966907
                  Encrypted:false
                  SSDEEP:
                  MD5:5A232D0DAAF2562BF4910C1F699EEAAB
                  SHA1:A07F3DAA46691580836ACB6CA6B38FCC89602856
                  SHA-256:3B4AE61D6E9FB6FA5D10B2390885F2E68F4443285D5B2E17C782393C6ACF793F
                  SHA-512:3E781762580ED016CA1F1113B1BE918BFEFBD64BEAD6277712941CE106C3A084C5E5E2F9629F7E1D2BD87982ABA643C16F8D7F58D28D9FE61E3F014DBDE36ABA
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/fonts/OpenSans-Regular-webfont.woff
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text
                  Category:downloaded
                  Size (bytes):1352
                  Entropy (8bit):4.463511770895052
                  Encrypted:false
                  SSDEEP:
                  MD5:28E2613B9779A364D208BE1DA654FB7C
                  SHA1:E3F2D95A46B8FB6FB5C51ABD0623750D0B36FC64
                  SHA-256:ACA48B186336091F60C3A2945D399CEDAD6F86D42168378F304D898736C1D778
                  SHA-512:A6E48369AF27E7E1721922ECDE5A1B1296B3546F7CD8D163188AB77A2CA9A1CDFCA1B820942F038FC71B00CC45CB71F0255BCA0FA6A28EF8953DFE7D30B626AE
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/js/main.js
                  Preview:$(function() {. if ($("#slideshow")) {. var a = false;. var b = $(document.createElement("div")).attr("id", "carouselNav");. $("#slideshow img:gt(0)").hide();. $("#slideshow").after(b);. $("#slideshow img").each(function() {. $(document.createElement("a")).appendTo($(b)).addClass("bullet").click(function(a) {. a.preventDefault();. clearInterval(c);. $(this).addClass("active").siblings().removeClass("active");. $("#slideshow img").fadeOut();. $($("#slideshow img").get($(this).index())).fadeIn();. }). });. $(b).children(":first").addClass("active");. var c = setInterval(function() {. if ($("#slideshow img:visible").index() == $("#slideshow img").length - 1) {. $($(b).children().get($("#slideshow img:visible").index())).removeClass("active").siblings().filter(":first").addClass("active").end();.
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 250 x 250, 8-bit colormap, non-interlaced
                  Category:dropped
                  Size (bytes):20586
                  Entropy (8bit):7.970975568955925
                  Encrypted:false
                  SSDEEP:
                  MD5:9F5123ECD3D3E05ADC00D68286B10F7A
                  SHA1:5827BDE1F4E441483EF045837F1856A4A4090998
                  SHA-256:AF72AC69C62071AAED704FE092AD61B66E05D2456569CF0DBFA48641D5F94C4E
                  SHA-512:E5AFC31D402714F34B37B7BFF2EA3B461459E9FEA54ABDDB28F311B214D82B4438BA76DFACEBB4A7236260E9DA28C558D920A9AD1ECEC516AAE1744472554DCD
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text
                  Category:downloaded
                  Size (bytes):6998
                  Entropy (8bit):4.715170235456682
                  Encrypted:false
                  SSDEEP:
                  MD5:E2F52EC6BC52FAEC3065679866FBE6DB
                  SHA1:15D4D62EF7CEE454565CB02EB4E53120A3C59316
                  SHA-256:A2D5985B8891311D113677474DEED016ECB73AEE8209C4E1DD9621D64D92BA49
                  SHA-512:B9D43DD815B6011DEE3C8B9E9F7BF93B403216FD3E61B3DB5D2C16BEBADE3657F96DEC6640BB7E465A8ECC6106F89E252AABFA5C3993A716E246C89D56C3D150
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/rotation.php?file=HandBrake-1.7.3-x86_64-Win_GUI.exe
                  Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <title>HandBrake</title>. <meta name="description" content="">. <meta name="viewport" content="width=device-width">..<meta name="author" content="https://ethercycle.com/">. <link rel="stylesheet" href="css/main.css">. <link rel="alternate" type="application/rss+xml" title="HandBrake RSS Feed" href="/rss.php" />. EU cookie consent -->. <link rel="stylesheet" type="text/css" href="css/cookieconsent.min.css" />. <script src="js/vendor/cookieconsent.min.js"></script>.. <script>. window.addEventListener("load", function(){. window.cookieconsent.initialise({. "palette": {. "popup": {. "background": "#252e39". },. "button": {. "background": "#14a7d0". }. },. "theme": "edgeless",. "position": "top",.. "static": true,.. "type": "op
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.3.4], baseline, precision 8, 591x392, components 3
                  Category:downloaded
                  Size (bytes):45804
                  Entropy (8bit):7.8074504938521025
                  Encrypted:false
                  SSDEEP:
                  MD5:F5EC0D507CE2CA97C84756CFA116A5F3
                  SHA1:11273AC076F5C22A42B739EC7300D980758B32B4
                  SHA-256:08DEFBCD5FFF3C1F1FB0618A6C6C608633D04E70E7423F7EE4470EF23F678454
                  SHA-512:E8FD8582BEB83E73CD67AF0CF04166A33A9D4DF4E060E21983E39A584FB90FECEC17C99278136C1016DDB88DA83CD19B67173199C0B23EB0E6866219F66690A4
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/img/slides/slide3_win.jpg
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65447)
                  Category:downloaded
                  Size (bytes):89664
                  Entropy (8bit):5.290543045467053
                  Encrypted:false
                  SSDEEP:
                  MD5:00727D1D5D9C90F7DE826F1A4A9CC632
                  SHA1:EA61688671D0C3044F2C5B2F2C4AF0A6620AC6C2
                  SHA-256:A3CF00C109D907E543BC4F6DBC85EB31068F94515251347E9E57509B52EE3D74
                  SHA-512:69528A4518BF43F615FB89A3A0A06C138C771FE0647A0A0CFDE9B8E8D3650AA3539946000E305B78D79F371615EE0894A74571202B6A76B6EA53B89569E64D5C
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/js/vendor/jquery-3.6.1.min.js
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (20693)
                  Category:downloaded
                  Size (bytes):20694
                  Entropy (8bit):5.222035017240367
                  Encrypted:false
                  SSDEEP:
                  MD5:CFC518D61ED6C31EA9FE836227A3A2AD
                  SHA1:58245065C3C137F38E1A55F3A0A32B2ED0A24415
                  SHA-256:DFB6771C2D248CE35833343CCE64D27E4A5450E9F8AD8B289CF001E492821D59
                  SHA-512:3CF3FF7DB1CCCED2A5B639829C10FD8B6D7D8B17275D3A6DC8E1FD9932A25ECE19BA9B4F4CE9F00D3B0A40B19298A8A029502BEE440C1B9689238D14C19A4041
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/js/vendor/cookieconsent.min.js
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format, TrueType, length 32468, version 1.0
                  Category:downloaded
                  Size (bytes):32468
                  Entropy (8bit):7.986412605671292
                  Encrypted:false
                  SSDEEP:
                  MD5:4591928BEA1DB5C6FF6A7598A98DFFF4
                  SHA1:B3C792DC8C5F4CD254ABD83AC9C3DE6577C8AA1C
                  SHA-256:18E57E55C57081AE4FDD3EAE66123AA5F328214C306F1DED031CDC8EB7ED4DB9
                  SHA-512:F5728F1B987598ADC8C09E6278F5F952460D7E674B8701FF09A8513DAC454AC9F7E8BB0C70108E598021B25F7977A049747B2255CCCCDE95E2868BA1447C490E
                  Malicious:false
                  Reputation:unknown
                  URL:https://handbrake.fr/fonts/danielbk-webfont.woff
                  No static file info