Edit tour

Windows Analysis Report
https://u16077415.ct.sendgrid.net/ls/click?upn=u001.WIMIHl3ITxUsrn2QziffoVQAGkPtLwU8RAqygpTMgrrRGvOYesJ9odlOf7721n2iIrTNuxWGRUBKdhe-2FMx4-2BDj-2BBA6X44UuBdITBKtGjktizz1gfjUrKUNh-2FwZOA1gX68a-2FIrXlU4iZjZyZ6m9U24-2FmDmvkU96y1grCwNAblRTouhrBDRRKmkSTBNZ3Iel0h54JezJalLl6FDxXU4mBMzEh7S-2BLHNf3yanQcs3IpiG

Overview

General Information

Sample URL:	https://u16077415.ct.sendgrid.net/ls/click?upn=u001.WIMIHl3ITxUsrn2QziffoVQAGkPtLwU8RAqygpTMgrrRGvOYesJ9odlOf7721n2iIrTNuxWGRUBKdhe-2FMx4-2BDj-2BBA6X44UuBdITBKtGjktizz1gfjUrKUNh-2FwZOA1gX68a-2FIrXlU4i
Analysis ID:	1412623

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://u16077415.ct.sendgrid.net/ls/click?upn=u001.WIMIHl3ITxUsrn2QziffoVQAGkPtLwU8RAqygpTMgrrRGvOYesJ9odlOf7721n2iIrTNuxWGRUBKdhe-2FMx4-2BDj-2BBA6X44UuBdITBKtGjktizz1gfjUrKUNh-2FwZOA1gX68a-2FIrXlU4iZjZyZ6m9U24-2FmDmvkU96y1grCwNAblRTouhrBDRRKmkSTBNZ3Iel0h54JezJalLl6FDxXU4mBMzEh7S-2BLHNf3yanQcs3IpiGYu1aIlY6c6-2FGZLMdnfVo5vCY-2ByJT9jSl3og-2BQ-2FpzLXWYPVmv-2FaTIBpqHPeSyyB0IPJVz0RIXii-2B-2Fjp5j-2BUCEvoenHa_QmLBHBBLHzQmyhr1PZfb4lsyCADn8CYMgBnux-2FlK2kMKVWwIBoQcb3WH7gnaN7crpQUyrzCvtrYuaDCVI8VNQlheEGJpfRUtSvERx4ET1NCvaPPJCnZUikyFXh1QXUQV4uFYYo3XuXxC9KTqoGE0E-2BOkKJT6lGL3xQwy91mpSKG0X7ZzPPfCBogh2K1bWU4sfJr8oHWvPBwY4ffqMEFxPA-3D-3D MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 4652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1940,i,11071430071186794691,14907073953723381011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.152.20:443 -> 192.168.2.17:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49803 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94

Source: unknown

DNS traffic detected: queries for: u16077415.ct.sendgrid.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.152.20:443 -> 192.168.2.17:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49803 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/45@28/114

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://u16077415.ct.sendgrid.net/ls/click?upn=u001.WIMIHl3ITxUsrn2QziffoVQAGkPtLwU8RAqygpTMgrrRGvOYesJ9odlOf7721n2iIrTNuxWGRUBKdhe-2FMx4-2BDj-2BBA6X44UuBdITBKtGjktizz1gfjUrKUNh-2FwZOA1gX68a-2FIrXlU4iZjZyZ6m9U24-2FmDmvkU96y1grCwNAblRTouhrBDRRKmkSTBNZ3Iel0h54JezJalLl6FDxXU4mBMzEh7S-2BLHNf3yanQcs3IpiGYu1aIlY6c6-2FGZLMdnfVo5vCY-2ByJT9jSl3og-2BQ-2FpzLXWYPVmv-2FaTIBpqHPeSyyB0IPJVz0RIXii-2B-2Fjp5j-2BUCEvoenHa_QmLBHBBLHzQmyhr1PZfb4lsyCADn8CYMgBnux-2FlK2kMKVWwIBoQcb3WH7gnaN7crpQUyrzCvtrYuaDCVI8VNQlheEGJpfRUtSvERx4ET1NCvaPPJCnZUikyFXh1QXUQV4uFYYo3XuXxC9KTqoGE0E-2BOkKJT6lGL3xQwy91mpSKG0X7ZzPPfCBogh2K1bWU4sfJr8oHWvPBwY4ffqMEFxPA-3D-3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1940,i,11071430071186794691,14907073953723381011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1940,i,11071430071186794691,14907073953723381011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://u16077415.ct.sendgrid.net/ls/click?upn=u001.WIMIHl3ITxUsrn2QziffoVQAGkPtLwU8RAqygpTMgrrRGvOYesJ9odlOf7721n2iIrTNuxWGRUBKdhe-2FMx4-2BDj-2BBA6X44UuBdITBKtGjktizz1gfjUrKUNh-2FwZOA1gX68a-2FIrXlU4iZjZyZ6m9U24-2FmDmvkU96y1grCwNAblRTouhrBDRRKmkSTBNZ3Iel0h54JezJalLl6FDxXU4mBMzEh7S-2BLHNf3yanQcs3IpiGYu1aIlY6c6-2FGZLMdnfVo5vCY-2ByJT9jSl3og-2BQ-2FpzLXWYPVmv-2FaTIBpqHPeSyyB0IPJVz0RIXii-2B-2Fjp5j-2BUCEvoenHa_QmLBHBBLHzQmyhr1PZfb4lsyCADn8CYMgBnux-2FlK2kMKVWwIBoQcb3WH7gnaN7crpQUyrzCvtrYuaDCVI8VNQlheEGJpfRUtSvERx4ET1NCvaPPJCnZUikyFXh1QXUQV4uFYYo3XuXxC9KTqoGE0E-2BOkKJT6lGL3xQwy91mpSKG0X7ZzPPfCBogh2K1bWU4sfJr8oHWvPBwY4ffqMEFxPA-3D-3D	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
u16077415.ct.sendgrid.net	167.89.123.122	true	false	high
urlday.cc	172.67.153.197	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
relay.walletconnect.org	47.128.173.105	true	false	unknown
lb31.uswest.vin65.com	52.41.126.131	true	false	high
zhu-ni-hao-yun.sh	104.21.23.195	true	false	unknown
relay.walletconnect.com	44.212.234.94	true	false	unknown
www.google.com	142.250.65.228	true	false	high
api.web3modal.com	104.18.29.72	true	false	unknown
settled-blockfi.com	176.10.111.199	true	false	unknown
www.coleneclemens.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://settled-blockfi.com/claim/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.23.195	zhu-ni-hao-yun.sh	United States	13335	CLOUDFLARENETUS	false
167.89.123.122	u16077415.ct.sendgrid.net	United States	11377	SENDGRIDUS	false
52.41.126.131	lb31.uswest.vin65.com	United States	16509	AMAZON-02US	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.253.63.84	unknown	United States	15169	GOOGLEUS	false
47.128.173.105	relay.walletconnect.org	Canada	34533	ESAMARA-ASRU	false
44.212.234.94	relay.walletconnect.com	United States	14618	AMAZON-AESUS	false
142.250.65.228	www.google.com	United States	15169	GOOGLEUS	false
142.250.81.234	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.153.197	urlday.cc	United States	13335	CLOUDFLARENETUS	false
142.251.40.163	unknown	United States	15169	GOOGLEUS	false
176.10.111.199	settled-blockfi.com	Switzerland	51395	AS-SOFTPLUSCH	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.72.110	unknown	United States	15169	GOOGLEUS	false
142.251.40.170	unknown	United States	15169	GOOGLEUS	false
142.250.176.195	unknown	United States	15169	GOOGLEUS	false
104.18.29.72	api.web3modal.com	United States	13335	CLOUDFLARENETUS	false
142.251.35.163	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.20

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1412623
Start date and time:	2024-03-20 18:24:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://u16077415.ct.sendgrid.net/ls/click?upn=u001.WIMIHl3ITxUsrn2QziffoVQAGkPtLwU8RAqygpTMgrrRGvOYesJ9odlOf7721n2iIrTNuxWGRUBKdhe-2FMx4-2BDj-2BBA6X44UuBdITBKtGjktizz1gfjUrKUNh-2FwZOA1gX68a-2FIrXlU4iZjZyZ6m9U24-2FmDmvkU96y1grCwNAblRTouhrBDRRKmkSTBNZ3Iel0h54JezJalLl6FDxXU4mBMzEh7S-2BLHNf3yanQcs3IpiGYu1aIlY6c6-2FGZLMdnfVo5vCY-2ByJT9jSl3og-2BQ-2FpzLXWYPVmv-2FaTIBpqHPeSyyB0IPJVz0RIXii-2B-2Fjp5j-2BUCEvoenHa_QmLBHBBLHzQmyhr1PZfb4lsyCADn8CYMgBnux-2FlK2kMKVWwIBoQcb3WH7gnaN7crpQUyrzCvtrYuaDCVI8VNQlheEGJpfRUtSvERx4ET1NCvaPPJCnZUikyFXh1QXUQV4uFYYo3XuXxC9KTqoGE0E-2BOkKJT6lGL3xQwy91mpSKG0X7ZzPPfCBogh2K1bWU4sfJr8oHWvPBwY4ffqMEFxPA-3D-3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/45@28/114

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.176.195, 142.250.72.110, 172.253.63.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://u16077415.ct.sendgrid.net/ls/click?upn=u001.WIMIHl3ITxUsrn2QziffoVQAGkPtLwU8RAqygpTMgrrRGvOYesJ9odlOf7721n2iIrTNuxWGRUBKdhe-2FMx4-2BDj-2BBA6X44UuBdITBKtGjktizz1gfjUrKUNh-2FwZOA1gX68a-2FIrXlU4iZjZyZ6m9U24-2FmDmvkU96y1grCwNAblRTouhrBDRRKmkSTBNZ3Iel0h54JezJalLl6FDxXU4mBMzEh7S-2BLHNf3yanQcs3IpiGYu1aIlY6c6-2FGZLMdnfVo5vCY-2ByJT9jSl3og-2BQ-2FpzLXWYPVmv-2FaTIBpqHPeSyyB0IPJVz0RIXii-2B-2Fjp5j-2BUCEvoenHa_QmLBHBBLHzQmyhr1PZfb4lsyCADn8CYMgBnux-2FlK2kMKVWwIBoQcb3WH7gnaN7crpQUyrzCvtrYuaDCVI8VNQlheEGJpfRUtSvERx4ET1NCvaPPJCnZUikyFXh1QXUQV4uFYYo3XuXxC9KTqoGE0E-2BOkKJT6lGL3xQwy91mpSKG0X7ZzPPfCBogh2K1bWU4sfJr8oHWvPBwY4ffqMEFxPA-3D-3D

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 20 16:24:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985171903732702
Encrypted:	false
SSDEEP:
MD5:	A62FB182451EE55ACD4E7A712E38DE5B
SHA1:	58A3C9E206D6552A4AF6BDD4879484319E0F8F2F
SHA-256:	562B8C20216D2251BBE6B7861DB36DF3D099888080126500A2F75FBF9EDCFD2F
SHA-512:	3C649979226CB2D5696D590F08FE3456DE5B02B4E18ADF0A0F094A27E04D76A0441CB8AD0B4D0D3B54036D9F1A3D5E1D817BECAF9F92E7D9E355B4164DC577BE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....\.\|.z......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.a......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 20 16:24:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.001754866868274
Encrypted:	false
SSDEEP:
MD5:	5BB4C6504ACD19C768A588E9C29654D1
SHA1:	3C015ADB20D917425E07D7541B01D2E4E8ACFD6D
SHA-256:	05019178D9678C15409AAD4E457CE4B98572A7A4A296907E6B9A6BD241CE32A6
SHA-512:	CD2B097E4D52353BE98673BD056FB0F2C691A116017C41EA8EDBB63D490977918EFC21DA8950A97DC0943B53B38D23DC101CA296CF23C129D25A02974BDBE239
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......\|.z......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.a......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.010024747836043
Encrypted:	false
SSDEEP:
MD5:	C071B6030563838A1362CD33C6520F37
SHA1:	86B1F3B44E7144476F7933C99FEDF0ED4E17D82C
SHA-256:	D0673EB1F70585D575FD7E4052C23AEA8BA2EF1A03A7E850714D1364F433993E
SHA-512:	3763A985956DEC9430309B14D4007FFEC287D457833BE653F8731B1535016AB38EE381666C9F65BBABD0FA4305F38583D0CEB04565006AF81A801DD5184E7E86
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.a......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 20 16:24:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.001555964838741
Encrypted:	false
SSDEEP:
MD5:	7CAC8FE7D345B3D9B39A7ECB4AB1AE10
SHA1:	991B298BF8B363030C7BAD46CBF3219B640A878F
SHA-256:	96CF74DAD0A808D99C777B3F3CD35B807F288CE569164D6DAE19BC4CB3127834
SHA-512:	EC7D09182B14AF5D8ABC20095341697300CBE9D0354A59A4AF11F15F3A84D641EB1D569C59495BB8A60772676FB7A7B3CF5FEFAD277696420A11ED7E09D06A25
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......\|.z......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.a......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 20 16:24:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.99008333598146
Encrypted:	false
SSDEEP:
MD5:	622C42617CF2C03AD731040226676E6C
SHA1:	4744A41D017EF936E12BD6C39B4D9B24756A69D0
SHA-256:	037D35082FE2D18871AA1B9C16D68FDCEEA5D95E54F1DE3AC5A21BBD797995E6
SHA-512:	3577F3AE4C853EA13B77131958B7011536FC021E04F28773AC81AF2F77A0450D641A23280F5C7F5EB68B4FE2FB6AB5EA2EE60DEBCC5B1575B32D9381D295108A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....X..\|.z......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.a......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 20 16:24:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.004861956647859
Encrypted:	false
SSDEEP:
MD5:	60B121DEAB2B9C08CB6EB92F6C1887D0
SHA1:	D358A505E04F0A2DCD38B59E39C3F7653B387A13
SHA-256:	849703AE3B2F35D78D363BFA52F74D4BCC3A6C34161EC2937A1418B54A392409
SHA-512:	BE9457B0909E52181898D83CEAACF01E3D2246A16BCE96F498DA9B4145E09D640DDBB3C0CFD2A649EE32072B24FA3115B2B24F9D08377135DA0F5AFC549FE0DA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....].\|.z......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.a......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	8788
Entropy (8bit):	7.959606698104742
Encrypted:	false
SSDEEP:
MD5:	94A72F59DF8D95BA114901F53B55B402
SHA1:	EC0E2A0F86EDD6FAB39E5A3D00A75329702C2D53
SHA-256:	488D577BBFDA6C3D4A90A696F97375A906284626405C2488D8D839C0BF90407D
SHA-512:	BBD65F381021A7D97A13FC1F0C294B16961F1168F0F8B979130C20FEEEDD755F270354BEC668143C560E1595225B32BCD065E19ACE85DC8F2EC1CBC671C6B81D
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/7a33d7f1-3d12-4b5c-f3ee-5cd83cb1b500
Preview:	RIFFL"..WEBPVP8X..............ALPH............@9..l.N.q5...rGj1cc...i.".._.4...M.;6.+..k.M...ip2....D._.$.a.@IjH.u..a......@U.(@... ..d@..@o....2@..(......o.A.W.(J..F..) e3...R...C...2h].1R@.....th-~..Ya.b....M.._.R...}V.u..A.@.f.K.v.....&.h..B.'.g.+$....fk.^R@.....c.+z..Z..{ ...D-J...;.4.:..Rm'..ZO.......+.$..W.q....[.w) ...`.{oxA..f....}..$.<.+P.C...-.T..........$.....+`_g.....@......@S Ai.h8o.R.m.3..^.@. w.[a...]f..%....GC....B.].r..7...F.4.Ru\|e.l......5.TQ.k..#.D.x.....H.......+..@..!.+.....4..T.N0V.@.v....Y...P ..h......IX......!.^....@..z.....)..6-..3..}.m.....`3..B..H..@c..oG.&^E.h.....T.b.@.W.$.Tk.o.=..X........{&.p.=.@5H".&.....b..P..-:.u@'..T$.D..8sI'.......\|l.5....wj.:.o..@/.}9..R.(.....h.6~,c.....P.3.8..fi.fl....y..&.gK..ps+.gyIeI ..~1..N.-..........S....P[lo.D@........[.........`D_..*...........'.....h.D....... wnz.@..Q'..W....!..@.y.-u......p@FIC4~....B..b.>....@....'.2.<.P....TH.....bx0...hV.x.3.+.1.....h.Qm.Gw....Qg5......D.`/*..

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 16 tables, 1st "GDEF", 34 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterBold3.019;RSMS;Inte
Category:	downloaded
Size (bytes):	316100
Entropy (8bit):	6.326795268031473
Encrypted:	false
SSDEEP:
MD5:	275BFEA5DC74C33F51916FEE80FEAE67
SHA1:	48747B7A60086F97AF0D373FEBCBD1F1BEE87F17
SHA-256:	790C108BEFE859DAC2DDBD20AF3FBB6917C601B3D544C8A05761519F3B5508FE
SHA-512:	0B82F93805DFF2769BAD25A503C6264094DF6F403A636B039A8917AA2A1580B0C70C70FF4EB5135DDA83AFF0C3092E2A707216920685162EF52B395F82A86C11
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/inter_normal_700.ttf
Preview:	............GDEF1.1...J.....GPOS..-z..O.....GSUB...q..}...UxOS/2#.nB..y`...`STAT...G......Dcmap/....y...e.gasp......J.....glyf.u*+......(:head-.aF..Q8...6hhea......y<...$hmtx7."...Qp..'.loca......)h..'.maxp......)H... name...A...T....post..5r...D..d.preph......L.......#...i..............A.!...!...!...!...!..#.F...F...F...F...F.......@.........................C............a!.!.!.#.!.!...0.......0......H.......,.......C.....i.......#..a!.!.!.#.!.!."&54632....!"&54632.......0.......0......H...V\|\|VWyy..V\|\|VWyy.....,......ySUvvUSyySUvvUSy...C.....^.&.......l.v.....C.......&.......f.......C.......&.......d.n.....C.....~.&.......j.......C.............&..a!.!.!.#.!.!."&546632......'2654&#........0.......0......H...'..S.UU.SS.U8NN88ON.....,.......\|S.QQ.SS.Q.L76L.L66M...C.....?.&.........V.p...C.......&.......v.^.....C.......&.......m.......C.......&.......n.v.....C.......&.......v.^.....C.....~.&.......s.......C.......&...............C.......&...............C.......&.......{.......C.......&..

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	2982
Entropy (8bit):	7.888964750552628
Encrypted:	false
SSDEEP:
MD5:	D0BFD7EEFC33F692B10B2D342A0F715F
SHA1:	79165067305A206B1713BE7DC0D6DCF915153DEA
SHA-256:	DBC925830CBE966BAD72C492EE6B7A591EF8E54C00E9FBC95FA729B27415F2F8
SHA-512:	608937306F030833BFD3E3AEC4B6F26D9298DC04DBD0E79189853FF2F982E2C8B5B05CD4B4F717E834F46C73984250754DBB0C5CAAB2A492AF3ED805FF6581B3
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/ab9c186a-c52f-464b-2906-ca59d760a400
Preview:	RIFF....WEBPVP8 .....R.......>I$.F".!!#..P..gn.wN....i...]{...7.K~....'...zk...~..............}.?L...m..........?....z...c.;..............i..?........[.....{.....?.tm.~I...c.W.....w..n.0.5.E.O.O..d..A-\.....?j......?j......?j......?j......?j......?j......?j......?j......?j......?j.........y.......7..(M....[..Y.Vw",.nd&....!.`r.4.[<.-....+.].Vy..`...fTl..&[.{`...=I..^.'........o.0.Y........./.-&....G..]...S.Q.........3sP.V..,>W...g.Y.$...........P...G.LO3#)..A......&.T..d..?.KJ.3L.F...p..Q..&...$).3w.%v...2\|.......4...xz.8....]....d..m...d.FJf.+..Y.V~..g.Y.V~..g.Y.V~..g.Y.V~..g.Y.V~..g.Y.V~..g.Y.V~..g.Y.V~..g.Y.V~..g.Y.V~..g.Y. .....r....x}.A..<....Z.........+y...J......=.k4.>wp..7zO.........%Q+@..$.&.zd...k,.....0H....L.C$`^.....u.4...E4.....JI..f.t....2..~8[..3b9..$jz.....-.g....b..%.Xz....:H6d.J../(..KM......P.!.....\.........7O`....6...N.3..*..O-)......E. .e.....s\|....<..xQ_f.[..X.$....7a..t..>..lt.v.^.cI."L....M0.d

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 16 tables, 1st "GDEF", 24 names, Microsoft, language 0x409, Copyright 2017 The Literata Project Authors (https://github.com/googlefonts/literata)Literata Me
Category:	downloaded
Size (bytes):	240424
Entropy (8bit):	6.072542518495139
Encrypted:	false
SSDEEP:
MD5:	67CB9A58687A7CA0E145CB74B99A190E
SHA1:	B6EB640C196E25F4E86EEEDED661E3C8579BEDDD
SHA-256:	335CD9685A27256D23A658811C9CDB9533121DA97524FDDA7A7BABB75ACD6E67
SHA-512:	ACD11354622255AF36D1DE1C227B6B7594C7AD559A4702A65D88FA9C8E44BB63276A53FE849997C4102DCB3783FF0EB0CD6FCA91E90A4F67C27AF0E276309862
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/literata_normal_500.ttf
Preview:	............GDEFyGy.........GPOS.K....x..y$GSUB...........@OS/27S.L...0...`STATU.?........Lcmap=.\|@.......gasp............glyf............head.Kf........6hhea...........$hmtx.e.....8....loca..u........maxp........... name...... ....post.........@.preph..............2............S!.!..!.2...p<.....D.....D................s57667.3......!5766''!.......3.#......{....'..6...'..%...5..h.7.....H......87....qm....6.!.:...:...u......7..s57665.4&''5!2..............#'26654&&#".....26654&&##...:5....3..[s7%AY_D._.9K('K7-..#./B#.@46..7..........7%I7'A....VL?Z/@ >.,9.......I.=(1.......0.......&..E"&&54>.32..73....#"......32667.....f.S.VwI4S..6'>.8K2BY."<T1,G<.1.8EP.Z.pQ.a4..>..>M$A.]DkK'.0#,.4(.....:.........%..s57665.4&''5!2......#72>.54&&##...:5....3.*CrY>"6g.`.EbA.8nPS.&7..........7.4OjCY.`1B#JqLZy=.......:...U...+..s57665.4&''5!....##.326677....##.32>.73.:5....3..$?.. 0"aM!...45..!!M\|#. ..A.7..........7..&0....!%...%#.....4'....:...G...(..s57665.4&''5!....##.326677....##......:5....3..">.

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	2626
Entropy (8bit):	7.896679056321107
Encrypted:	false
SSDEEP:
MD5:	2FD7BDB651262F0E8439B194BEBF3F3B
SHA1:	6C2DE356038454FAD0BEDA4DC5C751AB9BC355F9
SHA-256:	006917C52F9E351C112FE69FE57E7D58B37FD81168C356FCE1130C846B66F0CA
SHA-512:	4171B6DA5D740E1FF544B4028262911E5A2CD55319879ABCFC27CB74364B0D841EAB2E5496CBC59FB9AFA75A7727FC0C72FEF182404BB8F19EB630D1C2310AAA
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/30c46e53-e989-45fb-4549-be3bd4eb3b00
Preview:	RIFF:...WEBPVP8 ....pM.......>I$.F".!.#:X P..gn.wN...;...'.G.g.&.y.....3....[.).C....h.0....?........u.w........q...?.....?....k}....._..i...K...;%.,......<.....( .`]T.)...vl...f..vl...f..vl...f..vl...f..vl........(...O.....p..#.d.X...f..v\.;{8s.,.J...K...?.:./2<t.Zy.2.T.)...m'.....C...>.N.R.O....UEv..WK.+c~.R.O.T.,........C...`..6@.P.....^...6...Ut.q.-n....J.......W&.I8...f..E..........P.60T..+.4....OL..;kk.[f...e.}....M.....T....So.VB...........g.M..d..7..J......[.@....<\......)..K....x..#Wy.'m.........t.....dc..n.H.~...ox]T.).{..;6...`..;6...`..;6...`..;6...`..;6...`..;6...`..;6...`..;6...`.......#.....0........7.`.....@..z..BZ&..v/>,..1.^~..y.q...A.a...#C.......?.....-K'e{#...b....{B..w..8.....b..#..\........sJ..k..."L#.&..=..qob....k...t.c.m....,.I.R......T...<?<.:....uK.rB...Z#.]S.>.............$....{....(B.B.!5;.K.JK..N..Or..mK..*....;.(IG.r.....$w....u\...'..w.T.I.qH..P..y..{...I7.B.3H....hd..J..g.Dm........h..Q

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	48440
Entropy (8bit):	7.989754000529123
Encrypted:	false
SSDEEP:
MD5:	7C0EB691304BEF6D50CB13DBB6CB0113
SHA1:	6FCAD50C8A8B93714893F9DEA5371A9396F2F995
SHA-256:	DFA603A08211A1DE27DCB9DA317AAC81EEE5123E713E33937BF71822F2D31E18
SHA-512:	87E5A99D64AC5F03EAB796258DE7EAAB4EF3A43B8FD598D502EC39F490AD409E50E92904FDC08A41CA6C6DB9F6428A94E57ECF79168C1C43DCC7EE9EF057D586
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/7289c336-3981-4081-c5f4-efc26ac64a00
Preview:	RIFF0...WEBPVP8L$.../..c.M@.$[HT3.x7......!D.......J...9.[KHkJ)c}.,0...P...........j.. .....'.S.-.@....Fl.E...NpcI.....tLY......`...;..n......s....#hw\P%5.........+.r.>....U..x.5..........4.+....6...m.G..z.........v......t5.-..+......h.&.f.AD2..B+.I#....(..`Z..8~.......8..b.R.\Et...1..c......t5.....`...g1.'.}...P-.&.......5G.../H.c..S.........bt.....W.A.q...R.z....{.....Yc..E...[.A..G...\|.B...K9..GU..=4=/..T.\|..{/,/......h..=.K.....^.b.1z...Hb.\|..... dE....`@O..E<...?.j.U...>R..".....(RET,....5..sl%PH.5.7.!..!<..F...R...jk.7.U.R...KU..+......A.Ed=..~/x..].Vm+-/6s#..D..p..K(..V.....r-.....x._....p..........[......K......TX.=......A....'.0...`t'.u.=dK....O.0F4....2F.f.O."Bp.0`...4.<2. K,.`..-`....D8....!XBD....h.......#....x..!.....O...9...E....,!q.....xAn....#n.i..f..z.. 2....9..XB.%...q b.....I+\.l....S.@....e...K\|........M.'_..%bY.G.X..,...t<.-.......ziR..(..I..00."e.$.c>.......t..K,D....Q$..C.[...".[^..`..Y...1"$BpIh....\...

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:
MD5:	722969577A96CA3953E84E3D949DEE81
SHA1:	3DAB5F6012E3E149B5A939B9CEBBA4A0B84DC8F5
SHA-256:	78342A0905A72CE44DA083DCB5D23B8EA0C16992BA2A82EECE97E033D76BA3D3
SHA-512:	54B2B4596CD1769E46A12A0CA6EDE70468985CF8771C2B11E75B3F52567A64418BC24C067D96D52037E0E135E7A7FF828AD0241D55B827506E1C67DE1CAEE8BC
Malicious:	false
Reputation:	unknown
Preview:	Forbidden

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	2090
Entropy (8bit):	7.829116068458293
Encrypted:	false
SSDEEP:
MD5:	2052EA08B332C87388DC42097624CB20
SHA1:	8B82E1E2DD5A482AE90433C763B268B99F6CF093
SHA-256:	11A824E4C63932EC7C2684C8C9554C84461EFB5D731D15387D77BB5C3E78F9D5
SHA-512:	ACB64A1A9A15113C89FD2EB8CDC5576C91E91FAD1E85F67882D00EA67333BD5CABBFAA4F5BE1A10726AAC21335A2B92E9EFD2DB808758A666ED988D5DA2AA7D8
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/a7f416de-aa03-4c5e-3280-ab49269aef00
Preview:	RIFF"...WEBPVP8X..............ALPH..........6.Z....rK.0'Z..,{.S8q....S.(..f.9....a..4...R.Z....../LM....?"&.....(..8R.....2.G..GUE....[.=.r..f....=.a.(..../.~.04M..i..r,Q)..K1tm.n.tEt"..7u....U.<.#.f.~.P...>.....4..m..+N...f(....N.-9.ah._.x.nR...C......5-..c........!t2Q..\..p.Mt...C6'.Z..GXO..K3......I.MY...r.R.q....,...)C...e...W...M.E.I...F..r8..\..[ o......iR.%C.gK%.........s.M.....8...&x7....e..C.d.`..(C..q...0.?.7D.......1..-.......no....(.Q....O.{2K....{........_./.........Em.....8#....=......W1"\%v....Jg.u.K:q.fd._.\|G.1...v:H.v......J.un.Q.(..(.y.Q..J.......Z8......~....@.#..jj....>....Fj..RC..5..A.QC.q.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s.s......r.5h/..Q..Z......j?............-..~....>K.'.......5%....u....p.Q..7.\|E.o>..(K.A{i.%F..).\..`.....T.-.N.[Tp..3q%...;..Oi..X..s...{......-.n..(.;B(....n.........d.O..=......=....%........Aa...&..R.ox...F....9.....u.`.P..9u.d.....o...C.e.-{~...l.. .....r....>..!....z.i..<0?

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	132148
Entropy (8bit):	5.31315678392636
Encrypted:	false
SSDEEP:
MD5:	8FECB71FBF96EAF7B931C5132920C9D0
SHA1:	300FE19462C5676BDE40DBAED67130E4C825AF12
SHA-256:	644E129B35734115F3F45C566CD9D38F5A6DE019DE11B7368B613F43BEDBAD9C
SHA-512:	ECCBEB1548FC66B9DFD3A7B971691D171328FE4BEDF7649FF6D424E7BDE36514DF0D3DAEDA6648B50406BD689B3B696DCF37159322F01030EB931A611F5EFDA6
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/app/interface.js
Preview:	(()=>{var e,t,o,n,a={550:(e,t,o)=>{"use strict";o.d(t,{A:()=>f});var n=o(601),a=o.n(n),r=o(314),i=o.n(r),s=o(417),l=o.n(s),c=new URL(o(604),o.b),d=new URL(o(186),o.b),u=new URL(o(61),o.b),w=i()(a()),p=l()(c),h=l()(d),m=l()(u);w.push([e.id,`@keyframes fadeInDown{from{transform:translate3d(0, -100%, 0);opacity:0}to{transform:translate3d(0, 0, 0);opacity:1}}@keyframes fadeOutUp{from{opacity:1}to{transform:translate3d(0, -100%, 0);opacity:0}}.swal2-popup.swal2-toast{box-sizing:border-box;grid-column:1/4 !important;grid-row:1/4 !important;grid-template-columns:min-content auto min-content;padding:.75rem .25rem;overflow-y:hidden;background:#fff;box-shadow:0 .25rem .75rem rgba(0,0,0,.1);pointer-events:all}.swal2-popup.swal2-toast>*{grid-column:2}.swal2-popup.swal2-toast .swal2-title{margin:.5em 1em;padding:0;font-size:.875rem;text-align:initial}.swal2-popup.swal2-toast .swal2-loading{justify-content:center}.swal2-popup.swal2-toast .swal2-input{height:2em;margin:.5em;font-size:.875rem}.swal2-p

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	2538
Entropy (8bit):	7.901064165317011
Encrypted:	false
SSDEEP:
MD5:	4BF7E34EEB3426B006621DBDCFE43DAE
SHA1:	3AA4973E2E312D256B25F5E19E943F9B75C60B9F
SHA-256:	6B12952D291573CADE9AA40BD0D9A5A92541246D1D97C4796153507B42F4F8C9
SHA-512:	536DB76B0156B0D5013F15008605D7DC7FB6502A72B33F40AB7BC697E9BF45FDFF98504F93C7E80262C13AB4A30F1DAED490D660AB2DDB16F8AD189F1DF0C7CF
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/3913df81-63c2-4413-d60b-8ff83cbed500
Preview:	RIFF....WEBPVP8 ....PO.......>I .E...o...BY[.\.B....k............M.o..?........3...A..._.....?......7......Z/.......'..O.....?......LE:.....p.......4.M..?.![..b..6.....kp,...6.....kp,...6......)....qV..[.........Q..........>.9..t......D...C.....A.BT.4...J0.>\|F..\..ko..\b ...=...SS....alIL........W..b@..\|....E..l....kp('......i.E.}..D..:.....Q....pV4%H...b4.......a.M......+.c1n..U.....{......t..w..\|.u:.....!Sg8+...$...L.j..g..Cn.C.F}%c).i.E...\....<74&...F?...)..~\|J...<.....?>%O.F.,M.(i....R(...,...H..#....;...a'.r.x..ti.E..o q.....zX....6.}.V4....[.f.x....Zc..6....n.mn..[.>M..hl.j.^M$.....".>.O.(..4.".>.O.(..4.".>.O.(.p......;.P?..j$<..........Az4.)Tp..'K...l?.......!....0.,j..>.,g.....96R.^...4..k.O....i.x...jS.=.Q..q47.H9.T(.s.8.....,.#:."c.?F..+m..[.H..G7..X._.^.!.b.m...:.^t....>W.}..K.~.i...`.........Q>..Lp2^...R..CAO.......P&j... ....<Ph..0X.(>.V..O./j.`r...*..y.?...._.V[.(...h........]....j.R?..f......l1......N.48vx..OI...K..

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	915882
Entropy (8bit):	5.627705987563176
Encrypted:	false
SSDEEP:
MD5:	345CF0FBC20396AC853BC856548C0F63
SHA1:	18C35FAEEC572EB4B959C98B172A1401ADE09F67
SHA-256:	E616FE04C1590F638D761EEFCB5B1406ACA3B97560D7D072F7015CB3E260CCCE
SHA-512:	AF0B860E13C3BD444A29C7488E97BC44E1648089F7CAAFA14DFF474FAD2E6E4333BAD8853B5ECE79CDCACD97F17E55EE258B1739CE2F13C6063E79ADBD7D3561
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/app/main.js
Preview:	(()=>{var __webpack_modules__={28299:(e,t,r)=>{"use strict";r.d(t,{lK:()=>ue});let n=!1,s=!1;const i={debug:1,default:2,info:2,warning:3,error:4,off:5};let o=i.default,a=null;const c=function(){try{const e=[];if(["NFD","NFC","NFKD","NFKC"].forEach((t=>{try{if("test"!=="test".normalize(t))throw new Error("bad normalize")}catch(r){e.push(t)}})),e.length)throw new Error("missing "+e.join(", "));if(String.fromCharCode(233).normalize("NFD")!==String.fromCharCode(101,769))throw new Error("broken implementation")}catch(e){return e.message}return null}();var u,l;!function(e){e.DEBUG="DEBUG",e.INFO="INFO",e.WARNING="WARNING",e.ERROR="ERROR",e.OFF="OFF"}(u\|\|(u={})),function(e){e.UNKNOWN_ERROR="UNKNOWN_ERROR",e.NOT_IMPLEMENTED="NOT_IMPLEMENTED",e.UNSUPPORTED_OPERATION="UNSUPPORTED_OPERATION",e.NETWORK_ERROR="NETWORK_ERROR",e.SERVER_ERROR="SERVER_ERROR",e.TIMEOUT="TIMEOUT",e.BUFFER_OVERRUN="BUFFER_OVERRUN",e.NUMERIC_FAULT="NUMERIC_FAULT",e.MISSING_NEW="MISSING_NEW",e.INVALID_ARGUMENT="INVALID_ARGU

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	1962
Entropy (8bit):	7.877830420854902
Encrypted:	false
SSDEEP:
MD5:	FC47577F72C6AC1B3644FD3C93C35434
SHA1:	7FA10148EB871D0CA72A79A89AE480A44AF8014B
SHA-256:	A96683AF833D7E9409BEA1D240842F89A6117C323FF048B484A23FEA13CCB61E
SHA-512:	07759BD845B5B7B820312F55DE4B09F4ECF25D1613811DC85388C6C18DFF36B6DA58B66565772CDE0121D6B859C0078FE6CD445A9B1D0F5B0DFEBED61B1798C9
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/692ed6ba-e569-459a-556a-776476829e00
Preview:	RIFF....WEBPVP8 .....N.......>I$.E..!.]..(....p...q..\|.......7.3;.D.`...\|..:.g./.T.CL.e....i...AS..3..s..\|'4.B..Nt4.^....=.........AS..3...x3.IB..p...9..=......J....bw.AS..3.......<...i.Yg./.T.C=.0doa...v.YS].z..p.c->I..G?..x...2..Ns.n....}.Rur..s&.v..maF"-b..+.U.K....z.i..XP4......NN..Ga.(F.m1.+.U..=c.{.....C=.{....A...sb....x.;.w". .....t..../.T.......5..Y.3E.%....P.............RXm.Nf}.g./.$I.0....Z.=......Wx...zN.......T.'..H.Bf.u9..>..;v.7....9..../.(c.>...).9..>.\|mI....Gp...ixC...7U.L.e....AW.`............\|2..Q(H..O.O.. f.F....i...AB..l..._&.3ON.\|..:.g./....F..g./.T.CL.e....i...AS..3..s..\|2..Nt4.........A&.....Q..d.O....v%.f..PD....4B.a.w.y.w.. .C...P......YCjq...8..{<p6.c... .u.#. ..HW...FxL...f..9.s.2.O.c_FXCd.....z..N..=c..<.4.ie.E..4........LZ..+=F......E.."...:!4..4h...qq.w(q@..2"...BR eg....;...2...........e.H...P..3z...!....`..?2.'....P......._>.........../.HS.....u...+..6...j_.6...^..y.....Y=. .6..7.m2U..'.f!....o.

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	4216
Entropy (8bit):	7.939294015202745
Encrypted:	false
SSDEEP:
MD5:	D5DB513E51A1EDA85E0E624B1A8061E0
SHA1:	0F949A2454B2BF9A44F36C8DCE934DE76BF24E20
SHA-256:	48B3F99F45C1036F3B19652590BF542F1DBAADA7B53FB37B282318CF3DE502DD
SHA-512:	3EBE8D6D50B9B09C52181C07F979B03E1ACDB3AC64DEDC2BC33789D753F7957685D276C1C2D3637D3B0D63D25F4EF98CCF11162F2EA972ADBDC4D02FCA2F85F1
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/06b26297-fe0c-4733-5d6b-ffa5498aac00
Preview:	RIFFp...WEBPVP8 d...0j.......>I$.E..!.;..(....p...../o.~....~F.r.....?7..........o29....k..".......7.O@.`.....l...........^.?..m.....g........7o`../b./.c...._.............../.]......A....X7.....w..#.G./....~.mR?\|=}.X7.ag5.j)Tf.U....Fm..Q.j)Tf.U....Fm..Q.j)Tf.U....Fm..Po.>..G!x...$..w.......;.b.9.qn.....EW.q.Fm..K.......~ZG...PH.......B.:...{?.F..D.=h....._..X.1R..._.f;.{0.'..U..34..\|{M...{;...)aj.....H..QJ.6.......OX..m..g....}.....o.I4.Tf.U..3{w..:n'..8}..W3.i.&...QJ...S......."...~'.....e.~.o_3.......5c...u.Q.A.}...w...R....Gcd.y.S?..PI..$..l..V=..B/".....C....DI.vE1t'..&.......=.....>.NQi..#)M..`...H9{..z..(T.....J.6..7....y.!..#~.6.s.m..P....8..9.....`.O..j..D...Y...\|..0..^.v.4.1....Z..`.O.<K6....O..Qj.XX....n........n^,s.m..Q.f.....@y.).Z./........w....3l.-4..G..O.;..U....Fm..Q.j)Tf.U....Fm..Q.j)Tf.U....Fm..Q.....j.{.W.9.f......q......fk\^.........M.w....\...c.{.dz..I..n.../.sM\.....(.....xeD..U...ro.0Y^..c...e>...l..i....5j

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	4116
Entropy (8bit):	7.890518821530681
Encrypted:	false
SSDEEP:
MD5:	498B34DC8CCE9F5B71416E370CB10F36
SHA1:	7D76E362D270DA76682B8386E3F355C3368B7228
SHA-256:	9F47F7384604A2FD0DB39AE865F2296764249A6B6BF85390A9E655C79EE271B5
SHA-512:	3FC5537DEC90222B0DF38329402CAD2C0B9D0322419A037848C8ED58C1065D217F09C892EBBD02FBA18D31921AA9856D192017BA75828BC1A155ECE6112E47A6
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/3bff954d-5cb0-47a0-9a23-d20192e74600
Preview:	RIFF....WEBPVP8L..../..c....lW.s....H......M...8....ON......-......8.$G.S.9/...v........i..%@....[.h.B..@.-Z.i...1a.....".(.j.Z..Z--......e..@."..@.....0..$. !..&1...4.)H8N..a..3..NV."..&....RW.........%.Z.....P.BCW2...JF..$._.......P.....hxu.....7...._Yj%.<.<7...3d.d.d.p..m.$....ADL..6..J..b...@..)....l.U;....8...k9..yr~ ...w.......#..m.I......Ufv.))....m..{.W.Cb.E...^....@C.1L^.........."./.m$G...L.[.]...2...#.v.fi.....gX._.$..(.S....m.0...R.P?...............1..i...xa..@.y3..M.....R..b....X.~F...Xh.C...K.....[\.9o,v.:$.g5.]...&;$H.8.P&p1.2...DlH4Ojz...@Sc.D.B..X.._[....D.[+.3...x....$.R....WZ<...2h.I.}....?#VH...s4?...L.M....PE.sib..:...SHN..@.\|.b....t.c.(.+..7....Z.@..3j}#..4.PF.....,M.C.....@S.2...H....X.1?@@..Z.....a...\|.H0.@I.e.+..$J\|PF..\4_.&.h~n.(.A...p<@.H.@C.1dPym..q....I..P.V........B.\|........ZH.3.......+$...Yi>......&$!.#. ....$..._.%...!..a.-Zh.iw...s.f..2yd.e..k...L...L.V.U..R.7,.43...Y.%e..0...>.......-W..w..........#j....

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3272)
Category:	downloaded
Size (bytes):	3421
Entropy (8bit):	4.795958005128168
Encrypted:	false
SSDEEP:
MD5:	4C33279421BD00C3D52801216C42DF0A
SHA1:	974226329360D156729A401ADF4C7086739209C6
SHA-256:	2BCA0DAE15027898DD6A7536D5B041014F928FBC60D9CE04DD2FA4C5D37D36AD
SHA-512:	AC49F7FE08E853D77B84F8F67CA4AF4C840EB960EB3E1208D7C30308D891F06E18CEDB54E8ABB5B75E294D35139E9A69A93F9E208E7DB2F8D69A171895EF5BBB
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/hovercards.min.css
Preview:	.gravatar-hovercard{display:inline-block;z-index:10000000}.gravatar-hovercard h4,.gravatar-hovercard p{margin:0}.gravatar-hovercard a,.gravatar-hovercard i,.gravatar-hovercard p{color:#000;font-family:SF Pro Text,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen-Sans,Ubuntu,Cantarell,Helvetica Neue,sans-serif;font-size:14px;line-height:1.5}.gravatar-hovercard .gravatar-hovercard__inner{background-color:#fff;border:1px solid #d8dbdd;border-radius:4px;box-shadow:0 2px 6px rgba(0,0,0,.08);box-sizing:border-box;display:flex;flex-direction:column;height:213px;justify-content:space-between;padding:24px 24px 16px;width:400px}.gravatar-hovercard .gravatar-hovercard__header{align-items:center;display:flex;gap:10px}.gravatar-hovercard .gravatar-hovercard__avatar-link,.gravatar-hovercard .gravatar-hovercard__social-link{display:inline-flex}.gravatar-hovercard .gravatar-hovercard__avatar{background-color:#eee;border-radius:50%}.gravatar-hovercard .gravatar-hovercard__name-location-link{text-

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	2762
Entropy (8bit):	7.905538339488797
Encrypted:	false
SSDEEP:
MD5:	F5C89FF82DEE2A99C7FD3D8C2572CADB
SHA1:	F508F5771E1D44C1B018F9B76C0059BFAF661CFB
SHA-256:	CB9FB4000086474F84DCAE9A54DD2862D09878BC505F1D4B5525755A5723ECA9
SHA-512:	31523082B65F5B547AB82B5DD5D73D2F071E290FEAE31EC75EA17C6B782C11CA1D7BB8DEB52F95E835238633815A5A0873BAEB230A81370093CF389D97EDE1D5
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/73f6f52f-7862-49e7-bb85-ba93ab72cc00
Preview:	RIFF....WEBPVP8 .....N.......>I$.F".!.#.x(P..gn.@.....u..Z........D...G.s...z......._.........g.O...<..B......./..../.....@=.<.?...\|..............z..b....C.C.6....]..e...y~....q.,......l.(.Z...e..S..,.}jb.....LV........P>.1[....+`Y@...l.(.Z...e..S.. 5;......0.-zVExW..b.....:g.....nh.t3.!... ..S..-..+`Y..b..m.......Zq..@....A.].%...x.Q.....d..P>....K1:?i.#..\|.....l.(.Z..6..t..........$.r.....t..1..\|./.6Z.#.-;..v{y..U@.z.P.L..V..T\1^....b.....K.....U..2R..5l."b....g....p,./;.<..n....S....d..X.Q..a.......V...^..G..vH.dc{8KS^(>=j\;.g...W.)-.\|.......)...J..,.CU`,.}jd.8..'a+A.....P>.1[....+`Y@...l.(.Z...e..S..,.}jb.....LV........P......w.7S.x.<.S.........wN..........8.....k#P...D...].O...:..kEuL9...~..7......Jr...7.I...mH.}..L.h.#........-...d.C..9..........l.F..zqv.}.K.>.%..C...7...w.xm,..CX..&.l..w9.~...Kh.`.1&.8.g{....IZ. ...N.........o..#Z8F.....;.r..C./.......z.*V..X.....dc.9.....p....fJo-.$.k.....1.....u4Q}....erCB.=......z..e.n.o7Z.s!.H%.k.\.<yL

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	4412
Entropy (8bit):	7.936505818182613
Encrypted:	false
SSDEEP:
MD5:	E26BDEC2A842132EC688ED6584853D4B
SHA1:	94C5A4859F4D3D5DF794A4BF90A4AC876026E15D
SHA-256:	AE785241CE0047AEB8DE19A5FA871C94C002D41E60338FE7E37F7B0BFEB929DA
SHA-512:	C6728D79045E58FCF68B00B94F24CCC66FBE576D3C6BA61E1CDCD4D9FD95364FEFD535DFA8D5080F34FE90871DD8F45B70C9C96028344D0C4B1CDD08DD4AC7D4
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/7677b54f-3486-46e2-4e37-bf8747814f00
Preview:	RIFF4...WEBPVP8X..............ALPH\|........!7.;..]m..m.Y....m..Am.qR....8....L."b.@.>E[.....'..H......6;.yQ_p.~..9.BF.._.[9......{.+..\|ma;..pm:3.I8uN.7g .>iF2....9Z.......;..}..:%B.(.}.!Q.....U.H...s.x...2.Uc..H.{Ji.C..xf....H._....\|..&$...)P..$$...j.#H.G.I.H..A...C.....$..LB...X...uU.\.......% ...P".I........Zv.'".'..3.....y.....I..m.....2.Yp...sx .`-..p....\p..R3d..V..R.........@F...jNX...{.........z.Q....xa3H7x.J@..t.\^.............t...epC.Snx..>...............................-~./..i7d...&n0......!..r;.~..oJ.\.k....6.D.B.@=3'.....p.=........8../.....\|..R>X..[.A3K^...%...!`...9.......6....9.m...0.l6......0...v.'P_..=P.....O...P.. .%.).e....r.l.oT'w..'P.$P~).....Q.>.5 (...%P.p...Am}..%.A.@...$..R:[.....Bcr.h.C&.ev.-..C_.R.m....2..4_.DY....=oR.........-.......)...uC..td>9X.'..`N...l...R.n.5.v.^..F......^..#.8.fL5?p.~....v:..;.1..r..Yc[...M.VP8 .....^.......>I$.F".?...x;...gn.c....@Q.....~..u{wo......W...;..

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	77638
Entropy (8bit):	4.6231202083454495
Encrypted:	false
SSDEEP:
MD5:	DBC4DD5F29089C1D8B7F0A2F56D3E89F
SHA1:	3CCC34DA4E45AF6DFA8FF7B09C152352097621A9
SHA-256:	3A6844AD99126E8A873F5FDFF634A83C2344A21AF868CE318753E6D486D39C46
SHA-512:	74FD91059C18EC27A3B26256A482EB2244D47CD0D2AD44CAC29921D2E2FE63FB8A268B461CF4E83D26171452C670B64AAB99EC6F630BD464E6F7AB43C98EF4B8
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/app/contracts.js
Preview:	"use strict";(self.webpackChunkpink=self.webpackChunkpink\|\|[]).push([[672],{51866:e=>{e.exports=JSON.parse('[{"inputs":[{"internalType":"contract IPoolAddressesProvider","name":"provider","type":"address"},{"internalType":"address[]","name":"assets","type":"address[]"},{"internalType":"address[]","name":"sources","type":"address[]"},{"internalType":"address","name":"fallbackOracle","type":"address"},{"internalType":"address","name":"baseCurrency","type":"address"},{"internalType":"uint256","name":"baseCurrencyUnit","type":"uint256"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"asset","type":"address"},{"indexed":true,"internalType":"address","name":"source","type":"address"}],"name":"AssetSourceUpdated","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"baseCurrency","type":"address"},{"indexed":false,"internalType":"uint256","name":"baseCurrencyUnit","type"

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	dropped
Size (bytes):	4521
Entropy (8bit):	5.018883671180964
Encrypted:	false
SSDEEP:
MD5:	71216110E518E5C812A026CE7205993E
SHA1:	A464EB6E9E495EBDD017FAED02D22B631041197B
SHA-256:	37C75F5B9AA8CB15150251678B638AFC0F230D7D467598793E07E09540DB2CEF
SHA-512:	1B390D12DDFCA2CA8DB456E50D351855742C1706D70086F17F73BBA0E133FE9867FDE3E1EDA059D423443BB887A5CB10E6B94ADF0BB1CBA99B9698E9573EACEB
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Attention Required! \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded', f

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	4356
Entropy (8bit):	7.951921111584234
Encrypted:	false
SSDEEP:
MD5:	2F2CE7CF8A0BA0C81ED375F6B440AF14
SHA1:	F16F0BBBEA3022455BC815586B3B8A8B39BE7A74
SHA-256:	EBDADCEBE2037CC79664C70717A4E2CBEE3BFE4ABE2E07BB4D9D4FE634D1497F
SHA-512:	5AA21C0EA7771E2502CE2EE20A72ABDDD8076BEA4556D243C60919A19100D0E02762CC6034D953E872B9252D861EEBE4BAF45307C0E68483D351649D9D8F0941
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/a5ebc364-8f91-4200-fcc6-be81310a0000
Preview:	RIFF....WEBPVP8 ....P`.......>I$.F"."!#RH.P..en._.....[..s......Xc ..~Tm$s.._...?hz.u........_./c.....G...O@.v.............'..OP....?W?..t..........._.?T?.\|..W...........i.........o.................?....t. .........(..~-..u..n......~.....>....G...[.F......mm......).q..'\`.^.....X..`,=.S./%m..%$..H...Y.....i..^..E.....~=x.c..Z......[kmm.+R2.}.T.>....Ll.[..8....[.^.. ....=]....+.`..%. .2......P.fHq.;..)}.kd...D..u.}...YV..T...h...../s]]..TKm..79...lg>..A..O.[....$c.`.).5.H.....~r...b.q.>.........r...`..F.E._..O.D..a.v#h.R.B.....U....`".f6....w....ub._gA.[..vy..M...S..Y.R.-..5..^..N!.L...Fl4..N..Sc~ ...x8.di.^L.9...1+YN-..S....d\|...E0......[.....C.~.k.yB...T.@...Q..7.l.....L..<0y.J...A...Ov..9;...l..._@8.w Y.r.qF...2V.b.7.R.....^...8.J..."^...W\..u....<oc.......\..C..8..p.......P.Mo.."q....@.;a.....6h.ZcQK...4......2?J.FZ...e.......a...x..H.M.D..gP....@D0......B..'&...w-O......@.^.g...Tw..>!A\|q-p.f..v./W...d....n. {.;..?NS..1c.M.\3..O..T..._....H.

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1337356
Entropy (8bit):	5.573683941744563
Encrypted:	false
SSDEEP:
MD5:	E187E7B52DA0EA473ACE36BA7E21D02D
SHA1:	5F1719B79913B0A447F984C593B746FEA31F01EC
SHA-256:	D3FFD4CA9250D0C15A753EAE89368660DBDC32B9703F4B642DA133EEF429C1A4
SHA-512:	FE8FC2B40C5FBF01D02415646A37BB72A2B8047A5435A6E939D53DE009576D98631DE22A3B353327F4C601A4593C231D152FF5CD011F6B691DFCF67B193CED48
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/app/605.js
Preview:	(self.webpackChunkpink=self.webpackChunkpink\|\|[]).push([[605],{70526:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.CoinbaseWalletSDK=void 0;const i=r(2280),n=r(11864),s=r(985),o=r(32765),a=r(41599),c=r(55985),l=r(25799),u=r(51965),h=r(11412),d=r(78483),p=r(71797);class f{constructor(e){var t,r,i;this._appName="",this._appLogoUrl=null,this._relay=null,this._relayEventManager=null;const a=e.linkAPIUrl\|\|n.LINK_API_URL;void 0===e.overrideIsMetaMask?this._overrideIsMetaMask=!1:this._overrideIsMetaMask=e.overrideIsMetaMask,this._overrideIsCoinbaseWallet=null===(t=e.overrideIsCoinbaseWallet)\|\|void 0===t\|\|t,this._overrideIsCoinbaseBrowser=null!==(r=e.overrideIsCoinbaseBrowser)&&void 0!==r&&r,this._diagnosticLogger=e.diagnosticLogger,this._reloadOnDisconnect=null===(i=e.reloadOnDisconnect)\|\|void 0===i\|\|i;const g=new URL(a),m=`${g.protocol}//${g.host}`;if(this._storage=new o.ScopedLocalStorage(`-walletlink:${m}`),this._storage.setItem("version",f.VERSION),this.walletE

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27438)
Category:	downloaded
Size (bytes):	142804
Entropy (8bit):	4.99133639978715
Encrypted:	false
SSDEEP:
MD5:	0FF2CF9D094372000B52F606EDBBF446
SHA1:	3B7ED4F96567F29F8DBF4C0F1BED75D27158F03E
SHA-256:	686CC12C932B63C610612704B1E7F4E92FC9F521EFEB767D1C5FC49A504A5556
SHA-512:	F5108A2F4DB15ED6120BE27C2FA9C6BE9E80C1B2D102016BF696D262E265195992861CF0B02B358C7A9245E29FFD59F58625CCCC51F4A6DEAFCE993A8FA0D534
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/_.css
Preview:	/*. Jetpack related posts. /../. The Gutenberg block. /...jp-related-posts-i2 {..margin-top: 1.5rem;.}...jp-related-posts-i2__list {..--hgap: 1rem;...display: flex;..flex-wrap: wrap;..column-gap: var(--hgap);..row-gap: 2rem;...margin: 0;..padding: 0;...list-style-type: none;.}...jp-related-posts-i2__post {..display: flex;..flex-direction: column;../ Default: 2 items by row /..flex-basis: calc( ( 100% - var(--hgap) ) / 2 );.}../ Quantity qeuries: see https://alistapart.com/article/quantity-queries-for-css/ /..jp-related-posts-i2__post:nth-last-child(n+3):first-child,..jp-related-posts-i2__post:nth-last-child(n+3):first-child ~ {../* From 3 total items on, 3 items by row /..flex-basis: calc( ( 100% - var(--hgap) 2 ) / 3 );.}...jp-related-posts-i2__post:nth-last-child(4):first-child,..jp-related-posts-i2__post:nth-last-child(4):first-child ~ * {../* Exception for 4 total items: 2 items by row */..flex-basis: calc( ( 100% - var(--hgap) ) / 2 );.}...jp-related-posts-i2__po

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2349
Entropy (8bit):	5.090581745879819
Encrypted:	false
SSDEEP:
MD5:	76981B0B477736B3A7B59295D21DBD62
SHA1:	62C4785FD9CDE7A9B0C9C81DA47C72C34037E878
SHA-256:	4C25DDFD7AFD4B10298168046BCFBE3A6B73CEA418853C328369B6A9FAA73BD1
SHA-512:	42E6A9752C30D7827F8AF829FEC2DF749D57DDDC01D1AB88F3644367B981A3AAAC3C84EB3F642B685C0B11290CBEA8C4F2DE5A3E3E22269391BC06C0757CFF0D
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWallets?page=1&entries=4&include=c57ca95b47569778a828d19178114f4db188b89b763c899ba0be274e97267d96%2C4622a2b2d6af1c9844944291e5e7351a6aa24cd7b23099efac1b2fd875da31a0%2Cfd20dc426fb37566d803205b19bbc1d4096b248ac04548e3cfb6b3a38bd033aa%2C19177a98252e07ddfc9af2083ba8e07ef627cb6103467ffebb3f8f4205fd7927
Preview:	{"count":4,"data":[{"id":"c57ca95b47569778a828d19178114f4db188b89b763c899ba0be274e97267d96","name":"MetaMask","homepage":"https://metamask.io/","image_id":"5195e9db-94d8-4579-6f11-ef553be95100","order":10,"mobile_link":"metamask://","desktop_link":null,"webapp_link":null,"app_store":"https://apps.apple.com/us/app/metamask/id1438144202","play_store":"https://play.google.com/store/apps/details?id=io.metamask","rdns":"io.metamask","chrome_store":"https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn","injected":[{"namespace":"eip155","injected_id":"isMetaMask"}]},{"id":"4622a2b2d6af1c9844944291e5e7351a6aa24cd7b23099efac1b2fd875da31a0","name":"Trust Wallet","homepage":"https://trustwallet.com/","image_id":"7677b54f-3486-46e2-4e37-bf8747814f00","order":20,"mobile_link":"trust://","desktop_link":null,"webapp_link":null,"app_store":"https://apps.apple.com/app/apple-store/id1288339409","play_store":"https://play.google.com/store/apps/details?id=com.wallet.crypto.t

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	9656
Entropy (8bit):	5.44767052270262
Encrypted:	false
SSDEEP:
MD5:	64C9F9C1682E744D50EB6AC5BED7F61F
SHA1:	EB583D6F0FBC7E3405A947B9C3A557AC7DC19109
SHA-256:	77190354256D2BB6E2F740715BBC72C1AF70EC722773AB27BD7DDD63DAC90529
SHA-512:	08DAC7CFB0661EB4B9F9B09BAAE317CCE6A9F54C63274E81A5EDE8D51151E8711B961761F505CD25E940AC9BB065804EC73B0FF896DA50AD8421C934062467C7
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swa

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 16 tables, 1st "GDEF", 33 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterRegular3.019;RSMS;I
Category:	downloaded
Size (bytes):	309828
Entropy (8bit):	6.254140692711178
Encrypted:	false
SSDEEP:
MD5:	079AF0E2936CCB99B391DDC0BBB73DCB
SHA1:	7237D9CF55F177702066A28A4DDE1E4C7E8AB576
SHA-256:	41AB0F707A2BFAB8133CCDFCDAB52282F5F79E5751F43A264805451C7BB95FB8
SHA-512:	0DC66E3EA9FE00EBDBA8636F563842E4170F21FE3DADD57BA59CAB416CA3326DC887332644B0EC47CF0911D7396557BEB420908D3E90A5EA7830EFC4F0A482FA
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/inter_normal_400.ttf
Preview:	............GDEF1.1...?.....GPOSF.d...C... .GSUB...q..d...UxOS/2".nb..n\...`STAT.q.E.......Hcmap/....n...e.gasp......?.....glyf..#........8head-.aF..F4...6hhea......n8...$hmtx..L...Fl..'.loca.]@"...d..'.maxp.......D... name......P....post..5r...<..d.preph......H..........................S.!...!...!...!...!...........................@.........................H...(........a!.!.!.#.!.!.L..........................d....H...(.@.......#..a!.!.!.#.!.!."&54632....!"&54632.....L....................?aa?E[[..?aa?E[[.......d...a?E[[E?aa?E[[E?a...H...(.H.&.......l.@.....H...(...&.......f.d.....H...(...&.......d.......H...(.h.&.......j.8.....H...(.........&..a!.!.!.#.!.!."&546632......'2654&#".....L.....................x.N.PP.NN.P>RR>>RR.......d..H.xP.NN.PP.N.U==UU==U...H...(...&...............H...@...&.......v.......H...(...&.......m.@.....H...(...&.......n.@.....H...@...&.......v.......H...(.h.&.......s.8.....H...(...&...............H...(...&...............H...(...&.......{.@.....H...(.t.&.......

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	560
Entropy (8bit):	6.544309111551238
Encrypted:	false
SSDEEP:
MD5:	72E4C54AE905964B00A5508F225A9AF2
SHA1:	5FD941F0A60D26CDCACA2D208639D8D0947490AA
SHA-256:	01FF6E73C311C21D9683D8372A19C26C1DE0E654C0EE9FF86694DBC6256143CC
SHA-512:	C7949B21A5C20780AC5F9200A2CA458EBFE3C26D20B8D72FCB5CE80BF83599EC941D963A0A47E9D0FEA58E1F5012C03E8DE048B1EE4CBD2952AFFD99DE1AA938
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/output.png
Preview:	.PNG........IHDR... ... .....D.......PLTEGpL.L..M..J..K..K..K..K..J..K..K..J..D..K..K..M..J..L..K..K..K..M..K..K..J..K..K..K..K..K..K..L..L..K..F..K..K..K..J..I..J..L..L..N..K..K..N..P..M..J..I..K..L..I..J..K..L..K..Gn....9tRNS.MF>....0..4.K..E/..D<.zg.j..i.9h....{\|.LCy.....?H.}.8.=.R.......IDAT8.}.Y..0.@..PDQ...\p.W..1Q.....{C...q....'....."..y.N1.%=.7.f....!s.P95...}......+.S..w.nJ..b.S..,.I..O.z...........e.J...U.6f..1..].......;~2.p.Qa....."....k....]...\n....iN...U...fCC...#r.3.y.A.Saz....O.E........G~..^.b........c...V....IEND.B`.

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	7464
Entropy (8bit):	7.969339389757611
Encrypted:	false
SSDEEP:
MD5:	0D05F17BFB2061B8DADA721FA087484C
SHA1:	B85418851E7860C8DB18159614F94700D4FB4D3C
SHA-256:	BC0C74AE01EB29917FF48738263E3C9C0F6E5EDFBCF3E31281EFBCE8F074311C
SHA-512:	A72184B29032C5C8CA70163CF112628EEDB6A81DC9FEF11FA5C695EC73EB747796476F095ADF6E9EBCD2C396B2D4FBD1E64B69751BA61FF55BE0CA9E4427A3F0
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/93564157-2e8e-4ce7-81df-b264dbee9b00
Preview:	RIFF ...WEBPVP8 ............>I".D..!...d(.....%..'.v.R.}.1._.....u?.....?f>.x'...w....L...._....7...o.g.?R....{......+.../............/....?l...;.......W..Qo.....}I=..j.\....\|+~.~......N..........f.....O...~.\|x...........M...#./._....D........[......v...Y.].Z....[..T.C...d..&.Y0:..L....x....`u.....d..h.:..9......-..._.an[.r.Clx.g.$.8...Nl.]<^.6.-..l-{H.{..].....\|......\h....O....f....%...fi..h........p../x......K.jWh(.9..@n.J..."....@G>..mn.o2...fJ..0h....t..t....k....\Pjo.......>...0.m.Ql.(...s\|($0.....I7a.3.0.G#..e.e..._+/...8....}.........Z..J....O..F...-}`t......w..Bw.j........c).&.&.\...J..&.I4._...2........cu.....'.......Q..*...)......Z&.V.............a.0.H)aG.OD.IJ...4.D6Z....]...=OB.\|>UKNu&.5U...}...0h..$..Q9D...[.)..C5...<....g.$.....N1?.Yd..3...O.V.\|.c)..b<....x......N.U....P.P....a..J.._.z.v.M/\G.a.4%.)("......?=.5.b..'.....L.]....$.ez....H....Wf..8..e..:.=..z. .'w0dDD..P+..M....\|........5........n...b.n...R.a.9....4.R.Q?....a..4R.

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (401)
Category:	downloaded
Size (bytes):	74029
Entropy (8bit):	4.819677038013195
Encrypted:	false
SSDEEP:
MD5:	132E174AE773D0618AB434F9F839ABA0
SHA1:	D2BA435E6E8F859FA9DBAE5F05CA085DCA8DC9FE
SHA-256:	7672CA9BA97F4B529FB9164204FE3B57DA9D137C4B70288A8A4592A54758C749
SHA-512:	F3C13AD7E82D9F0AA5BE2E57C46231766B231D5070382A53CAB0AECE9654FB051BAD1FD261D8C5B9A217E1F98EC8687FED169162CA4458BB4ABC99860E735AD5
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/
Preview:	<!DOCTYPE html>.<html lang="en-US">..<head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1" />. <meta name="robots" content="noindex, nofollow" />. <title>Full Withdrawals Are Now Available for Creditors</title>.. <link rel="alternate" type="application/rss+xml" title="BlockFi . Feed" href="https://blockfi.com/feed/" />. <link rel="alternate" type="application/rss+xml" title="BlockFi . Comments Feed". href="https://blockfi.com/comments/feed/" />. <link rel="alternate" type="application/rss+xml". title="BlockFi . Resolution of Litigation Between BlockFi and FTX Comments Feed". href="https://blockfi.com/resolution-of-litigation-between-blockfi-and-ftx/feed/" />.. <link rel="stylesheet" id="all-css-bfebb5c506f3cf90e3b654351e7248dd" href="_.css" type="text/css" media="all" />. <style id="wp-block-group-inline-css">. .wp-block-group {. box-sizing: border-box;. }. </style>. <style id="wp-block-navigation-link-in

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	8280
Entropy (8bit):	7.9701920372318344
Encrypted:	false
SSDEEP:
MD5:	5A62B5A1959B26F7780576A0B983C95C
SHA1:	E2244EFF885C1F9D67713C91541CB3ED95613B97
SHA-256:	0920740B66A4DD3325BD917A18C5B0B18810D9650013B9103FD740F888AE7BA3
SHA-512:	13276539FC5C333ED80812DD83D0E200332CA3E7CBB7902B49950DE29785770102FA5E56F1BC0C554C807ED057D78178EE9F3DBC7B766DCE05942E738146B655
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/5195e9db-94d8-4579-6f11-ef553be95100
Preview:	RIFFP ..WEBPVP8X..............ALPHp...........I..E&.<.R..).).....).+.8&........5.... In........ ./0..-z,...."..S..............o.{.l1.@I.H.u\|....B.hOP.L......d;0&..$.a.Z.H....4H.@.....(P.d.Z.h.....V.#.X..D[;.....N.=..y.$.e..aB...Yy.y.N........1..15.s...:].Y.GZ.4..}..\...SI...f7.;...@....".........k..K.H..M...@.JB....&5.}....Y.....f.Y.wG.........g..J...i.K......A@N8X............I.(w&....@.....:K.....U..5.^..Pf...a....:;...4..c.....Hy ...G..._.J....}z.d.,.j....J....]..9 %G.?.I...jAWc6-;..._...\ 2.b}x%..@.^E.......mq....$...S7.......@>U....@...E...v........j.w.s..z.H..c;.3@1S!B.=o.0...... .....m.Q...Z.G.....!Z8. .......Z....6.@)..........J.cd..LC.K..E?.._.@.(.."o.Vd...p..Y..e.0.p..+..A.&D./.......&..............!.^pPLB.m.;.P..5.....{...:4......2.ZR~.*H.9.....a.....u.G......l:P.7.....P.Yr0..w...n.&..>...2..U[+......J..-~.t6pMfL.....j......Kc\|.=u.7.+...`.....f~..}..q#F...v....+.....{f.....f].t..@............^p....y.+.H...A.&....#.....b.;.)..

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	4624
Entropy (8bit):	7.940402980477411
Encrypted:	false
SSDEEP:
MD5:	1BA0E02799C16AEB565F47831D13AFBA
SHA1:	8F902E52B5C0964EC450928EFB2C3855C6190D04
SHA-256:	EAC7EE8C6A37D9123559885B66593F39A9C9DFE38997BF9F50DA791EBE907BB1
SHA-512:	86151FB8DDE8A57997127684160670A682A42E3191EA4C70505FB979CF972EB7D6F2DCDEF9360E79C05B02C1969269E93A5844DF6A80A54E87F80D8930DC3414
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/ef1a1fcf-7fe8-4d69-bd6d-fda1345b4400
Preview:	RIFF....WEBPVP8 .....o.......>I$.E..!..TL(....p...z...>.........k.uo.....<...gr;k.y...~.......b.=.?.....O...z..........G.........?.@?.t....'...v.....{...?`.....C. ....\|%........(....EY..3.>.....`..~i....~.......H%..t..C.X...<.r..!..y..c.C.......L..;..y..#.w+...0G..V=.:`.!.{.t..C.X...M_.v..=%.i.....Q.#.w+.........$...>...(...G...{1>D:`.!.....?.....!2.=]..=U..r..!.......JA..b..N.....F/..R..=.).. W...{..Q....<.o.G..Ic../..Zj.........Z2..............wi....8.=......,....lF...R....X.....U.@m.Z~._....I6Ah~.O~.V.3.].\.....u:..#....P5.IP...;..S...8[=9o.Sm..!..f..mnc.!..gk.9....bn.}.-........'..,h.W..i.....v..R.d..(=.o..N.yYK,...$...Z#..........U....F......SI.};..o..<kGTH.a}...t..#.a.M.......*(3.+..N..c.j@p.G..N..%.c...~.!1.h\|.:.... j...w.>v,..I.{f!<...L...y..H.9..W...+$s.f..uc..B`.;#}.!..?...9......X...<.r..!..y..c.C.......L..;..y..#.w+...0G..V=.:`.!.{.t..C.X...;@....G.E!.....d..B.........N.i....i..{.#.x.-...cvp..`GJ.r.~A...~N.s............

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	312220
Entropy (8bit):	5.545173612180526
Encrypted:	false
SSDEEP:
MD5:	C2FA56D538BA3E95C2A00DB966B59F0E
SHA1:	444C9B3B0D0C7539AEC951A003F7A6A30E6747E2
SHA-256:	718060D68EFB35459635C8E42F24A49DC747B40F1699E54491356D3ACF69B60F
SHA-512:	C7D2670EF65AACF0004E4849C7936B6D78D7D53131244BC4533401274E09581E0400BD9C1A15FC269AF7FD6F55BB298E39BA0FCC1AECAD395B2C8BE91F201213
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/app/entry.js
Preview:	function e(e){return a[e>56?e>1326?e-42:e<56?e- -25:e-57:e- -52]}var a=function(){return[18,"length",0,"m3rIGu",3,6,63,"fromCodePoint",66,void 0,46,"QsFR_iZ",!1,null,17,1,20,"apply",24,26,29,64,36,2,45,"to",44,"HjefeT",56,59,"call",65,"KYVbGma",10,"NZ",52,54,"ta","e",69,70,"ld","ls",84,85,86,53,57,103,61,71,80,82,88,91,51,55,96,108,"n",77,"id",87,49,"aM",104,107,97,74,89,116,139,140,158,155,156,136,75,100,157,16,38,"t7ex9FW",148,15,"wKFB9T","g","j",40,"hSLL3x",195,200,210,217,209,34,227,228,229,172,218,221,224,216,261,263,266,267,273,293,50,344,244,407,"o",408,409,"cy",412,365,372,373,330,410,411,"um",467,423,424,425,83,477,326,435,"io",437,475,470,471,468,472,329,451,458,"c",482,469,473,387,269,545,544,532,534,192,32,533,28,"ng",185,!0,170,518,252,13,369,389,"F",159,"d",122,"h","b",76,180,"w",150,35,"C",169,517,234,"ae","E",102,78,113,"W","L",111,"i","k","s","l","m","T","p",128,22,138,"v",488,419,"z","A",11,"M","OUQ1hj2","N","Q","y",441,531,"ab","O","P",168,129,149,68,8,14,"a","ax","a

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	4528
Entropy (8bit):	7.945809175120278
Encrypted:	false
SSDEEP:
MD5:	EF096787734C20292B4716153B5FF1F2
SHA1:	F2BAF10DB0E6638EC674E5F58965EFFFE5028978
SHA-256:	518E46638E983E3545E1433BA06C2F7B4E874EED7802C809CACA237245D1864C
SHA-512:	C3EFDA8570AF483768F292E395AFE56FCE4046CF0260989D369544DFDAA6CB039F8E5E837AD7BA2651144B6E12C166708426647F144760ECD8AA396ECADC85B7
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/public/getAssetImage/41d04d42-da3b-4453-8506-668cc0727900
Preview:	RIFF....WEBPVP8 ....pe.......>I$.E..!... (....~>L...[.s...o.....&.(........7..<......./....._........[.C.._..Zo.....z....C...q...........}..+...o..IG....K._.~L.........C..~.R{.....o..?.....^g.6.1.Q.g......-..<z...^7W..:..Fm.RcM........LiTf...C.......9..l...^6..."X...k....D..L.e.o....:..Fbf4..G...X.G.'......T;..7x^.BX.......6v..^......F.....q....UEu....gT.Vq..\!......-f.J..}.../W...:..&l..'1...\|...$gg..9.^.5.0......^=.??..O.9s...,...k>...CY!.I(A......$..............i.F2{Xv$0...?.(.._<=Oq.C.j..5.....k\|....J....@.X...).i.?du...N(.....i..O..Gvo...m.....@....c1.3......{.B/..1R.:e..Nb?..6.%%,..=......6r.......Zn#.ZU..@...ei6...K...o1.eT...%?.x.Jjc........e....5....9e.....P.9VuI.....B..r\.3.........f2...!.^6.r:E.2..d]G.....C.e..<G...E.\..Fm........ul.GF.:...LiTg.6.1.Q.gT......?.m. .......6&).<....P..n1a.hN..,4)..Uk....a.t.p.0d......1H..6.pr.D"....o.k...L. ..n!..w.....&.,..E..Qh.4pH.ai...z...cc..@..U..........q..g...x...U..\|...o.j...

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	9584
Entropy (8bit):	7.97596961160488
Encrypted:	false
SSDEEP:
MD5:	6DB8E4D58AFD65290C5FD06F8F94CB34
SHA1:	D9538B9E2D47BF57F4EB80CD340DE4C30189CE08
SHA-256:	6C2385975E0243DAAE048F9BDE8204B8BD5B9C659FB4C8DBF86098304D6E52AA
SHA-512:	B92B861B3D8F95E78C75E7AA1A5CFF2D2BA76607DE2644F304063B477AE03A34C0F7ACCE478512F0F38A5496BF65FA8E7D217A5CF6BBE90C5F53E3E43319EC00
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWalletImage/bff9cf1f-df19-42ce-f62a-87f04df13c00
Preview:	RIFFh%..WEBPVP8 \%..........>I$.E..!.i\.(.....D.-....~uH.../.;q?.u.....{.}Gx.......a.'L................S..?.........1.y......'..0..?.~.{......#.......O.........................}.k...w./.....>...}......[.....0.g..........~E..y<.}Y.3..5........Fm.=...u$...........#.........j..`P....J..8......W.%<?0Y.BG5..)...R&.2}].V0.......Tk3...2G....\.hw..`-..f..5.7U.;.8~L+?9..Z.?..o.kW......AV..m U.E.'..Y/Z.Z\|.T6...3.....o.....GzuR.KU'.v...L.pk.)...&Wy.!..>.t..s.c.1A...o0.Lb.zU.......k.....9g.2..o/=..g..j.i..!\...g.`E...F7../...Z...0..~.=.c...........E-.....]..:...0.....;.`c.)...h'$,Uf..rP..Y,...'d[..p...<.\H...........'.2.0.L.?.,Gg<..(..;....m..=X.D...ec....g......G....p.@......R....bx...Z.....y...?9M..l...[.G........Q....qo..g.nh[......e..........Y.n.....(...d.A.S.J{G..w..J...t.9.....?[...^4.Ki8W...6.........aj.H.-...f.Lm...c.a.....n..I.......Bh...pOfx/..4=.ZF..i:...v..iKwW).n...B.!...W.v.^O`+!..3.D.N....d.a-...vJ.../R..a{...........U...K.....Y.!B.4".

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 16 tables, 1st "GDEF", 21 names, Microsoft, language 0x409, Copyright 2017 The Literata Project Authors (https://github.com/googlefonts/literata)LiterataReg
Category:	downloaded
Size (bytes):	240180
Entropy (8bit):	6.014210146267206
Encrypted:	false
SSDEEP:
MD5:	3CFA1360349D0C7F3BAA3B57987AF8B5
SHA1:	68F97C694FB03F019D018C709576F64F239D08F5
SHA-256:	C7AB674AE9E25B79EEA2BC8A9CF61241A9A2736662054FF1BCF0CC2439CEABB6
SHA-512:	15DE01FFCF8CAEA96EBB63DC14BA923A599E2DB8000D3BC69D42FDFADA2CA16C6AA8AED82C074602CEB78E51BB82597379B9CE14CF065C8950CA66818034E691
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/literata_normal_400.ttf
Preview:	............GDEFyGy.... ....GPOSO........y.GSUB...........@OS/26.L......`STATU=?........Lcmap=.\|@........gasp............glyf.&.........6head.Kf....P...6hhea.......\...$hmtx._.h........loca<=.....d....maxp.......D... name.......p....post......<..@.preph......h.......2............S!.!..!.2...p<.....D.....D................s57667.3......!5766''!.......3.#./....i....)..9...,..+...9..p./.....P......1/.....{........K...>...h......7..s57665.4&''532..............#'26654&&#".....26654&&##...>:....8.Yr8%A+[^E.^.>S+Q=2..&.4I'!F::../........../$I9%B/...WL?Y/6"B0.<.......O!@-4........2.......&..E"&&54>.32..73....#"......32667.....e.S.TuG5T..0'5.9O5E_1"?X5,H=...8DL.[.oP.`4 .@..@P%D.bCmP+.2'!"6'.....>.........%..s57665.4&''5!2......#72>.54&&##...>:....8..GsX=.5g.].JkG"=wW[./........../.6PgAW.`26%LvO].@.......>...G...+..s57665.4&''5!....##.326677....##.32>.73.>:....8..$3.."2$aW$!..--..$$W.$0!..6./........../..(2....."'...'$.....4).....>...;...(..s57665.4&''5!....##.326677....##......>:....8..$

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.5586949695628425
Encrypted:	false
SSDEEP:
MD5:	9A4612FF79F60A08698850F79DC54D0E
SHA1:	553C63F94398E3219EDDC3481ACA4504E07BCFB9
SHA-256:	C844050EE7973ABA20A796B2A94EE71026F50A5A1F725EBF44F0135267540456
SHA-512:	E642864A8E770293FD6778A38B507B01E72C46A8BC30134BEAA35DC476704A71A845C7B30520F519D67A0D10C3D9687E3730EF27A9728265E810A7F5C5AED56F
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSHgmYqUFLXt3-JBIFDbtlXxsSBQ0Pv45JEgUNDoq6GA==?alt=proto
Preview:	ChsKBw27ZV8bGgAKBw0Pv45JGgAKBw0OiroYGgA=

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Category:	downloaded
Size (bytes):	46704
Entropy (8bit):	7.994860687757006
Encrypted:	true
SSDEEP:
MD5:	30A274CD01B6EEB0B082C918B0697F1E
SHA1:	393311BDE26B99A4AD935FA55BAD1DCE7994388B
SHA-256:	88DF0B5A7BC397DBC13A26BB8B3742CC62CD1C9B0DDED57DA7832416D6F52F42
SHA-512:	C02C5894DFB5FBF47DB7E9EDA5E0843C02E667B32E6C6844262DD5DED92DD95CC72830A336450781167BD21FBFAD35D8E74943C2817BAAC1E4CA34EAAD317777
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Preview:	wOF2.......p......................................O......^?HVAR.g.`?STAT.8..4/l.....<..6..f.0..\.6.$..H. ..\..>..[`....\|...........7o.)....C81=......g#l..PA.c.......%...$.K.....\|}}....8H.\Yd.....2c.J....0K.....I..k...F..f......,L.....P...JGwj..KM....n..,..o.....n.ck...1...%.<.....;5...9..2....=b.....("4..:.k...K_...`.5v..2@...,_.3..6..@PR.]...f!X.~..b.....-..9.....?.=:kt.'@_...N...8.i......Fo..S.C.=%.........W.@7d..%......,"h...b@.DE.]l.n..(;......E.ng].`....8..C;m....).u8.....4...%..c.A.hc]....s.{.+....J..Rq...f..I;.B..g.....j.@~.........H.........:]Dc.J.6r..].".c...8j...v. M.PXB.,.v...M..NtOO.......Z`-.i..X.....".y....c.....+..e[..(..q...u..kh.k5W..=OK{.;...7...V...I.FMTWv.Dv.[..^`......JY..:.,.. tgKhC..2-...I..S..'...IL..........p......&:..(...g..B.`......%U....-.m.D.b.m..p..26.0D.....$j.r...w..z.9.)`..n.I..B...s"es...;..vY...6.T...**..2o.....W.Lu:wx.?.7..x......C..E.^SE..F.5WcMi..a..n...X...t.........6.j.j..M.9..a.....f<J.....@.&f..'.\|.....p

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 16 tables, 1st "GDEF", 36 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter SemiBoldRegular3.0
Category:	downloaded
Size (bytes):	315756
Entropy (8bit):	6.32484333168468
Encrypted:	false
SSDEEP:
MD5:	07A48BEB92B401297A76FF9F6AEDD0ED
SHA1:	431007DA316DE60D85174AEEC9B8389B5C73E7D6
SHA-256:	E8CBC2B88BC4268237FF5E251776D3C54EDCB14E015A9E66E4883BDE4B55F13F
SHA-512:	703756E6869BF5D6F2D2C6800216979746C351160A7ADBDB0E31A0ADEDC3BC88C7E4D25176797CA9B3DB535A93BE93437363A71F03CA89FFE438C70B113AE7E8
Malicious:	false
Reputation:	unknown
URL:	https://settled-blockfi.com/claim/inter_normal_600.ttf
Preview:	............GDEF1.1...I\|....GPOS5..;..M.....GSUB...q..{...UxOS/2#_nb..w....`STAT.y.E...(...Dcmap/....x...e.gasp......It....glyf.........&.head-.aF..O....6hhea......w....$hmtx$5.9..O...'.loca..T...'...'.maxp......'.... name..........&post..5r......d.preph.................C..............A.!...!...!...!...!............................@.........................E............a!.!.!.#.!.!...t.......t......8.......\.......E.....[.......#..a!.!.!.#.!.!."&54632....!"&54632.......t.......t......8...OssOQoo..OssOQoo.....\......pLPmmPLppLPmmPLp...E.....V.&.......l.d.....E.......&.......f.......E.......&.......d.R.....E.....v.&.......j.......E.............&..a!.!.!.#.!.!."&546632......'6654&.".......t.......t......8....}.Q.ST.QQ.T:PO;:OO.....\.......{R.PP.RR.P..O88P.O88P...E.....).&.........B.....E.......&.......v.......E.......&.......m.......E.......&.......n.d.....E.......&.......v.......E.....v.&.......s.......E.......&.........N.....E.......&.........b.....E.......&.......{.......E.......&.

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 160 x 36, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2492
Entropy (8bit):	7.895957747640232
Encrypted:	false
SSDEEP:
MD5:	1E447CCBD4899BD7D227D0D48604F172
SHA1:	7C6BB12ED0A3BE3E8AA3474037C5F97A9F7BEBF0
SHA-256:	6E12F5DEABC58A126B8A0E5890B585377AB379E148A91E8426A5D48EE81A2130
SHA-512:	18EAAC09614CB4FFAC54ED8142C81717BA7E397795D6CFD7E61B671033E630A61EAA6D5DD462F2B056AB614D33C6A6FA786B5BF1E2267B06DF1F9DE401B93D65
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......$.......1.....bKGD.............qIDATx..k.TG.....2...}.+O.,_.`.Dc$...v..HB0$%U.B\|D.PSVQ...$j...4.$.TT`....!.h......!.....,..Vg..gF.....c.a.W.....t/....EXf...e/......(.b.F...l..vh.%..V.o\..`.jV....Q...,.}.3..Vb..L.-./#]...1.}..n!Y..jf%...q....[1..@...F..9.fVb@`..6tU1........V..[B\|..%...gwV...A8..x7......z..\.2.......\....s...,....9I`.>....@....q`/..h...[...(..._~.t;.......!.S..:..?.....].q.9.C.~..F.W.K....l[.s.x!h).3......C......l...{...~.z..0)...S^.r!.......e..x..*..9.V"Km1...w..s....o......B...>.........}.l..\|...DUlE..\|......j..>`..o...A...nV.'..L~....\.9....DI.a......H..C]....J.m(f..z.....t.8L.[3.D...EX......[..~.k.0....8).0p....b....!;K/....:c..;.B[9E.....2...A.._...1.0M..X..`.GO.asO...;}..1.>.Wxf..B..n..1..l1.....q.7T...]....E.G....B.....N. 6..H....{........+.Z.7#.......n..}...~..!..,.W.+.-..},.........Q......0`....i..y.."....(5.....Lfy ........l?....L.....\|^...K\|QY.<..=.<.c...ns.r.._JB.6..r$...j.R....c....]..+.8.

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2269
Entropy (8bit):	5.150512978731489
Encrypted:	false
SSDEEP:
MD5:	A8B7C280DF13DEEABFAA619475C5E0A1
SHA1:	B4C58EEBA4F8F8E00708D93C3E616BDABC92667F
SHA-256:	083AE9F3E6F10CFCE8C60F3D764284D0247576A5F65F94DB333C82AF761A4B98
SHA-512:	EAC62F7BEF352C87A43177EB95C064DA97083981380768730AEC75140F82BB243B9047BBC2A3623D88F5CCA18C84405A30CC91DFB010CAB29AA4F1E67ECA09F1
Malicious:	false
Reputation:	unknown
URL:	https://api.web3modal.com/getWallets?page=1&entries=4&exclude=c57ca95b47569778a828d19178114f4db188b89b763c899ba0be274e97267d96%2C4622a2b2d6af1c9844944291e5e7351a6aa24cd7b23099efac1b2fd875da31a0%2Cfd20dc426fb37566d803205b19bbc1d4096b248ac04548e3cfb6b3a38bd033aa%2C19177a98252e07ddfc9af2083ba8e07ef627cb6103467ffebb3f8f4205fd7927
Preview:	{"count":384,"data":[{"id":"225affb176778569276e484e1b92637ad061b01e13a048b35a9d280c3b58970f","name":"Safe","homepage":"https://safe.global/","image_id":"3913df81-63c2-4413-d60b-8ff83cbed500","order":30,"mobile_link":"safe://","desktop_link":null,"webapp_link":"https://app.safe.global/","app_store":"https://apps.apple.com/app/id1515759131","play_store":"https://play.google.com/store/apps/details?id=io.gnosis.safe","rdns":null,"chrome_store":null,"injected":null},{"id":"1ae92b26df02f0abca6304df07debccd18262fdf5fe82daa81593582dac9a369","name":"Rainbow","homepage":"https://rainbow.me/","image_id":"7a33d7f1-3d12-4b5c-f3ee-5cd83cb1b500","order":40,"mobile_link":"rainbow://","desktop_link":null,"webapp_link":null,"app_store":"https://apps.apple.com/app/apple-store/id1457119021?pt=119997837&ct=wc&mt=8","play_store":"https://play.google.com/store/apps/details?id=me.rainbow&referrer=utm_source%3Dwc%26utm_medium%3Dconnector%26utm_campaign%3Dwc","rdns":"me.rainbow","chrome_store":"https://chrome.

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 113

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 138

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 88