Windows Analysis Report
http://pbsj.bricks-co.com

Overview

General Information

Sample URL: http://pbsj.bricks-co.com
Analysis ID: 1454568

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Stores files to the Windows start menu directory

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
  • System is w10x64_ra
  • chrome.exe (PID: 6288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://pbsj.bricks-co.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1840,i,6074641252455209707,11052010063824975806,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://pbsj.bricks-co.com/ HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026\LICENSE.txt
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.16:63292 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 104.126.37.178
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Host: pbsj.bricks-co.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: pbsj.bricks-co.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63295
Source: unknownNetwork traffic detected: HTTP traffic on port 63295 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1672132068
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1672132068\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1672132068\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1672132068\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1672132068\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1672132068\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1672132068\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026\Filtering Rules
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1038006026\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1462026164
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1462026164\keys.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1462026164\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1462026164\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1462026164\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1462026164\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_1462026164\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_335959110
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_335959110\cr_en-us_500000_index.bin
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_335959110\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_335959110\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_335959110\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_335959110\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\chrome_BITS_6288_914497926
Source: classification engineClassification label: clean3.win@25/28@6/110
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://pbsj.bricks-co.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1840,i,6074641252455209707,11052010063824975806,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (21); Process Injection (1); File Deletion (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label | Link
http://pbsj.bricks-co.com | 0% | Avira URL Cloud | safe |
http://pbsj.bricks-co.com | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691\Google.Widevine.CDM.dll | 0% | ReversingLabs | |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6288_328367691\Google.Widevine.CDM.dll | 0% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
pbsj.bricks-co.com | 0% | Virustotal | | Browse
www.google.com | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://pbsj.bricks-co.com/ | 0% | Avira URL Cloud | safe |
http://pbsj.bricks-co.com/ | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.186.164 | true | false | | unknown
pbsj.bricks-co.com | 31.216.61.144 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://pbsj.bricks-co.com/ | false | | unknown
http://pbsj.bricks-co.com/ | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
31.216.61.144 | pbsj.bricks-co.com | Poland | 20860 | IOMART-ASGB | false
142.250.74.206 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false
173.194.76.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.164 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.184.227 | unknown | United States | 15169 | GOOGLEUS | false
142.250.184.238 | unknown | United States | 15169 | GOOGLEUS | false

IP
192.168.2.16
192.168.2.5

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1454568
Start date and time: 2024-06-10 14:41:10 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://pbsj.bricks-co.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean3.win@25/28@6/110
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.131, 173.194.76.84, 142.250.74.206, 34.104.35.123
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information

    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 10 11:41:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2673
    Entropy (8bit):3.97669832098011
    Encrypted:false
    SSDEEP:
    MD5:12C04AC4C054BF9B3D18A42CA628AE2F
    SHA1:BF22DCE2717CC7FC6AE367356CE03840E729A3E7
    SHA-256:E4D6DD2882F531A3308F26B24A29AC7FBF0A6CA6686F63B2A809B74D4013426C
    SHA-512:987B5E058527468827091E698AB5E065A4B0199D92B91979C083936DAF296D83EA8C381F67D74AD142EA4C979756EA2702337867CE0E60D16EE65490A972CB9B
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 10 11:41:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2675
    Entropy (8bit):3.9929319499047127
    Encrypted:false
    SSDEEP:
    MD5:406B4CE33FB5079EE5DC16145C23810D
    SHA1:A7ED4AE4E6D4962C4992D53022074624536E30CF
    SHA-256:C413B2C7FD7C694D3F4B62EC9BC68068B3EFAF80A0C1D78AF2DEA005326E75A5
    SHA-512:9DCF061C6B5C30E301FF17DEC59766DD3B6E7C3A9D86EE7E5C15F9867122A8256530A5E693DEAA2D1BA7C2659D40B120BCCEB81A2BB419000212973BE67DC072
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2689
    Entropy (8bit):4.002024583528388
    Encrypted:false
    SSDEEP:
    MD5:087F5E327613E3A49E37E939768C7DD3
    SHA1:005A97803FBC40AB614492E1D996C34345386BE9
    SHA-256:4C4DA449E7400A614C49BE87819E14BF985DFD10ABE4157406E87ADDF0A9DA29
    SHA-512:00562FB6DF02D609B38AE67B7324C283397E3CDFE10A436ECB1BB52FFF9E561F0EF32A96FF2EAE04B049B4CBC6A83375C662E219C8DBFEA584B62FA35B0E8E77
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 10 11:41:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2677
    Entropy (8bit):3.991878859390081
    Encrypted:false
    SSDEEP:
    MD5:DA3EDBF35B95BD0B95D42A3D8B470478
    SHA1:5D993722639736129D0031C4287666AB93D60DA4
    SHA-256:82EE8C280C48FF7F0C94FD257BA254FBE3ADDA38359AEB703D3B5620804D12F2
    SHA-512:F9D570D090DFA9E790F48C4E2BD811CC983F194D60C5FC448B5136ADA7C6C91D75C221618DC218088E36E3E290C1EEC094AD6A9163C7F8F967C9CAD4F7B54D49
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 10 11:41:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2677
    Entropy (8bit):3.9820741534507413
    Encrypted:false
    SSDEEP:
    MD5:3B1E36661304C8AB2F6046348157ED02
    SHA1:F5C2014D3480CC167B2691158FEB096BADD038B3
    SHA-256:34ECBBBA3B668B93E8FCF5C77307D401BE08A00EFDEF709A4C3CED7681CD1BFC
    SHA-512:F85D2C7A8AFC1052FE16B31291D32D07F44555CEFDA8013D93126F8912F63A16A037C4A8619B28CCBAA4B452BA18098B9E5B93552E9F0C62307691EF1E772CC9
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 10 11:41:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2679
    Entropy (8bit):3.990286152938606
    Encrypted:false
    SSDEEP:
    MD5:6C41717FB9890679DA8ABDE696D37ECA
    SHA1:5DBD35CD04A12196304E2E5B8AEF70CCB0B3866C
    SHA-256:83BB2C8249475729C7A305472E1C87312FD2045290D211596B55B7D12C78C8B6
    SHA-512:7B83F9BD42126C1929CC24827AA978977DA329581358399CB26274638F9EADAD54A24D0284BA9CE0EFF007E7BF152D3A65A453AD5AAFDA31436B86F46F99BE46
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:data
    Category:dropped
    Size (bytes):70106
    Entropy (8bit):5.53028222391977
    Encrypted:false
    SSDEEP:
    MD5:6274A7426421914C19502CBE0FE28CA0
    SHA1:E4D1C702CA1B5497A3ABCDD9495A5D0758F19FFC
    SHA-256:AE2FD01D2908591E0F39343A5B4A78BAA8E7D6CAC9D78BA79C502FE0A15CE3EE
    SHA-512:BF1287F502013308CDD906F6E42998C422EF1E272B348E66122DC4A4E471D01333B418F48D1BB2198C72845BDC950612597E179E612AAA1BA6CF8D48FB8F0CF5
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):24623
    Entropy (8bit):4.588307081140814
    Encrypted:false
    SSDEEP:
    MD5:D33AAA5246E1CE0A94FA15BA0C407AE2
    SHA1:11D197ACB61361657D638154A9416DC3249EC9FB
    SHA-256:1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
    SHA-512:98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B
    Malicious:false
    Reputation:unknown
    Preview:EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material.......Creative Commons Attribut
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1529
    Entropy (8bit):5.993464908806813
    Encrypted:false
    SSDEEP:
    MD5:9595F2EA36EF722F875DE37BAC248BFE
    SHA1:1F676CCD0DEE25DFF34C4820A5C5FB1474DE94F4
    SHA-256:5227D3F5D7F4F9014250D9E8FBF833E342A0ECC74C00EEBBD11A02310586FA1E
    SHA-512:E42D38184438A76B070CF333E6E2CAD2931D83462C8F43078A58CF66896D99882B26033F729994C04ABFE2BB9BE3BA412AD8D50229F6E7007F3F26962D586DEC
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):66
    Entropy (8bit):3.84766837175646
    Encrypted:false
    SSDEEP:
    MD5:97A21B537A496DDB93F258BE89D5157E
    SHA1:640FAB7CC72FF72C1DAE9F94D4D3B45E9D07CCE3
    SHA-256:6FA60CD5A6A1B84DFBB38135B514BB7973ED1C648D47F308848EE67590A5A44C
    SHA-512:526F5CB036A773C33A56CC417C048FB739763DE492D0AB9D2AB6ADA502B6C39C2698E07E569C64C8FBF101C2C6C5A88B70BF346DE154810A2072321D29A2B46D
    Malicious:false
    Reputation:unknown
    Preview:1.cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):114
    Entropy (8bit):4.529806411032915
    Encrypted:false
    SSDEEP:
    MD5:4C30F6704085B87B66DCE75A22809259
    SHA1:8953EE0F49416C23CAA82CDD0ACDACC750D1D713
    SHA-256:0152E17E94788E5C3FF124F2906D1D95DC6F8B894CC27EC114B0E73BF6DA54F9
    SHA-512:51E2101BCAD1CB1820C98B93A0FB860E4C46172CA2F4E6627520EB066692B3957C0D979894E6E0190877B8AE3C97CB041782BF5D8D0BB0BF2814D8C9BB7C37F3
    Malicious:false
    Reputation:unknown
    Preview:{. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.49.1".}
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1862
    Entropy (8bit):6.017039297265359
    Encrypted:false
    SSDEEP:
    MD5:7AE91DF6D7B9F6BE14F6A30A9420BBF8
    SHA1:258AE779974FDE835F7513F6ACC001D6AF165E0B
    SHA-256:9FD729AFB4E3E58AA04A35031E3BD3CDF3B7EEC9E7D557EA2BB3D31E2D28491A
    SHA-512:76B9B7AF1901215E1D6AACA5529CA86A2A3E196F5FFDB654BD019DB79A67C59FF85187692AD1657F66D19C8E570BC2B9A83B992761E2D044E9A9737D5B0DB200
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):6923
    Entropy (8bit):5.974782157979181
    Encrypted:false
    SSDEEP:
    MD5:D7275BBD33C42029C586A3C4162F7727
    SHA1:62942A391DEDF1EAB7BC9AE2FA68AB5885CFC231
    SHA-256:FC926F3DC9C0051FB2CDAE123BE615576AA63D636A08B2AA48564311758E702F
    SHA-512:849A7C5F2617035EB84B88C7B014F2424AE7FD05CC51554E7E4462A836477F1FFEC494025F4B09024BD374CBCD5330EE896A8FF90C3E44E96858F5AD72012E67
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):66
    Entropy (8bit):3.9153106967066145
    Encrypted:false
    SSDEEP:
    MD5:C01D4B9242B40985E76690EA65C0372C
    SHA1:560E6405315C53320C568884256C14438E9CB341
    SHA-256:2150AF2614F156348B806F64BD3C3FDEE51FC82214F6B91F86DD04947B36247A
    SHA-512:4F27316A848CD9C0B83FF174C671B61EA1B3819BD06B0204D61C26EDC05FE8B31230BAEDADCC65C98F59069EC157C2E862C6D4DC03968A48EC41DE06331B12D1
    Malicious:false
    Reputation:unknown
    Preview:1.9e8b5281e830ef98473ebe00b121ecdad269c9dec6a305cdffc18f8df0f2aa17
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):78
    Entropy (8bit):4.461657354427988
    Encrypted:false
    SSDEEP:
    MD5:9A8BF54F47C416DF62F5DF371674963B
    SHA1:CC7A28747DD196612FE86C566CA3A66EC0376671
    SHA-256:F3B0221BB32F8CD0F14DC3BD148EFF3FF29BC0834D5FA5A73FE5923E6F4528C3
    SHA-512:3CEF10C8621ED9EE7C8B670DAB1A47A4AB44D8384B8C8A4C36FC2578A78ABFCD424CFE39B1B32B32198E5CF0F052FF45FECA1E49AAD845D67AAB61F971E79DF3
    Malicious:false
    Reputation:unknown
    Preview:{. "manifest_version": 2,. "name": "trustToken",. "version": "2024.6.5.1".}
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):1558
    Entropy (8bit):5.11458514637545
    Encrypted:false
    SSDEEP:
    MD5:EE002CB9E51BB8DFA89640A406A1090A
    SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
    SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
    SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
    Malicious:false
    Reputation:unknown
    Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1862
    Entropy (8bit):6.00616871206187
    Encrypted:false
    SSDEEP:
    MD5:B7A903545C78EA7555231CDDA0CCD8BA
    SHA1:81F7BD7738837540842292A547FB2B91C25250FD
    SHA-256:E34C603FA36A5EABF815E24C50C2BB4A7589D6C959FC09E6A8773E079EB2B8A5
    SHA-512:DF2B3FA8E147500B468D83E9A6FA39A9B77C7162783E512A332DCBAC8099A094084337B3E3F71E755FEF070BBE56C4266D131236D58AAA5559BD5DFE610EF89B
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):66
    Entropy (8bit):3.8949322426468203
    Encrypted:false
    SSDEEP:
    MD5:BA068A68665157ABBCC246A9A438DB12
    SHA1:666BEFBAAF7808797CD6B2ADF77CC5CC35F3DB96
    SHA-256:C3E980DE220FDE78B01AD3094FC15BB8FA68F8BFF4577144A02102CC3F11A3A5
    SHA-512:86636C9A5718ECF90B10D0D413A9166DCB5A57D50AD42ED416326083BB3BA7DCBFA691F31F8449BA2CFCF18F73E26F24DAEFC091527C1D364CF1CE84D70C02B2
    Malicious:false
    Reputation:unknown
    Preview:1.a3d6a61ef91958b5b310f743f33936d345f2f4f5b2417ac069660b7f9cfbdd4e
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):84
    Entropy (8bit):4.445747664309578
    Encrypted:false
    SSDEEP:
    MD5:CE3ABB2216AB9D9FB849F237079940A8
    SHA1:83B7B7C072992090350A70F72AC1F1D2ACA3AC93
    SHA-256:7C33999F4B2C493F4DF8966F111A897AA54308996A16DF76D748C9463FAC38F5
    SHA-512:C1E0614D545A928A3572A50A5C0621952ABDFB25A10555706152DF612B745FE428E13CF40E6B9DBC10222EAA9E91AADF9253DF44893D8F473E9A46FBB591EAFB
    Malicious:false
    Reputation:unknown
    Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.6.5.0".}
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):8380
    Entropy (8bit):4.620718138514841
    Encrypted:false
    SSDEEP:
    MD5:DFA8F99B100DDF9C4EE7C2D843B5ED11
    SHA1:9F51271CD2093C2DFFF222699C8EC75D0214B754
    SHA-256:FEF0CA4297891D45C2871BBD3672C587F5D85FD560D5F236567951D79FEFF394
    SHA-512:E9CF1159255DB4A47412934BB8569D10D1FF75B496EEFAF2070183A2CD555691CA4D22F83F1508FDC3ACFB7C6E3EE6F56864ED2B3E44FCAC524A96DC913B30F6
    Malicious:false
    Reputation:unknown
    Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://elpais.com.uy","associatedSites":["https://clubelpais.com.uy","https://paula.com.uy","https://galli
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):2877728
    Entropy (8bit):6.868480682648069
    Encrypted:false
    SSDEEP:
    MD5:477C17B6448695110B4D227664AA3C48
    SHA1:949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
    SHA-256:CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
    SHA-512:1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1778
    Entropy (8bit):6.02086725086136
    Encrypted:false
    SSDEEP:
    MD5:3E839BA4DA1FFCE29A543C5756A19BDF
    SHA1:D8D84AC06C3BA27CCEF221C6F188042B741D2B91
    SHA-256:43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
    SHA-512:19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):66
    Entropy (8bit):3.974403644129192
    Encrypted:false
    SSDEEP:
    MD5:D30A5BBC00F7334EEDE0795D147B2E80
    SHA1:78F3A6995856854CAD0C524884F74E182F9C3C57
    SHA-256:A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
    SHA-512:DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
    Malicious:false
    Reputation:unknown
    Preview:1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):145
    Entropy (8bit):4.595307058143632
    Encrypted:false
    SSDEEP:
    MD5:BBC03E9C7C5944E62EFC9C660B7BD2B6
    SHA1:83F161E3F49B64553709994B048D9F597CDE3DC6
    SHA-256:6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
    SHA-512:FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
    Malicious:false
    Reputation:unknown
    Preview:{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1796
    Entropy (8bit):6.027202842667758
    Encrypted:false
    SSDEEP:
    MD5:8EA764C07D2E09169E9FB3DAC6C6C0B5
    SHA1:9CDD9336AFFCAABFFFCD0D81EFF38DE0B1CA56AD
    SHA-256:FC61A13C0536EAB8A9624C8529F75C50E06601016A98F099A9C8D802D23AF210
    SHA-512:3F6FF458ED9E75628C434E6B5169FD2A9B6C189DFD81D499C0DF107DCD3C4E7ECD6BE1A423790675E69B2542B9D24078FA8F85A785C7A74AE20F48FD9E3D3A47
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:data
    Category:dropped
    Size (bytes):7917305
    Entropy (8bit):6.57056452735637
    Encrypted:false
    SSDEEP:
    MD5:4F7E1F228CE9696334193E43F509DD5B
    SHA1:9B12DEFA5D0F051433DA7253258F120C82BFB510
    SHA-256:B85C30009CA7EF550DE3185E38FB4F4A2D8D1D5DF4241BE121EA785B40F644AF
    SHA-512:82E4B5F13C6C09638E7FAC377ACD9836A3A88952925FECE38015D3456AE047FDD2CCC90F91D0A771028CCB545F3E27ADF43A6B69D2A6F2F6EA705A4C71093B10
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):66
    Entropy (8bit):3.908762158744044
    Encrypted:false
    SSDEEP:
    MD5:464E0890F95787C2F7571023DC610C45
    SHA1:542BD847BBCBC44230842473E2BA2E529232BD79
    SHA-256:F536F2D86C3B97B2088987188449F2B2187FD1C8693A9B3895E67FA95030D750
    SHA-512:8BC4ECE523EA8403C8497E764C231F4F1798DEB39AB24F604AFD23697E9B7D6FEFCAAFCAFBB9C93ABB157753BBE817C668FB4909908F0C4DB76F4F78D69C0487
    Malicious:false
    Reputation:unknown
    Preview:1.3db671c10b19ce621685bdd52e80b78249168366bce250836f34a123a8b503fe
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):108
    Entropy (8bit):4.85121085962811
    Encrypted:false
    SSDEEP:
    MD5:C222D99CED7896B6FBACF293EF54ADC0
    SHA1:FDC8DC8823B10C732114A3EADC4E02D542E7F990
    SHA-256:91A685C5FB8AD368CEE83D9150FC52722DF59FA3A86FA7B4C14140DA6D390B8E
    SHA-512:088731FA049C646AF1CC3582BC59CA7A5E89760CA397B515B36228A1D93A410C73001CB9ECA91CE3A132E87E522BA6438EA46FC2BB9EF798BD5E9D6065EA5587
    Malicious:false
    Reputation:unknown
    Preview:{. "manifest_version": 2,. "name": "OnDeviceHeadSuggestENUS500000",. "version": "20240429.634529504.14".}
    No static file info