Edit tour

Windows Analysis Report
https://uglb4.roperelo.com/caGPey/

Overview

General Information

Sample URL:	https://uglb4.roperelo.com/caGPey/
Analysis ID:	1466964

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML page contains suspicious base64 encoded javascript

Phishing site detected (based on shot match)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://uglb4.roperelo.com/caGPey/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1984,i,17464380941460084798,5693043387103697457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

HTML page contains suspicious base64 encoded javascript

Source: https://uglb4.roperelo.com/caGPey/

HTTP Parser: Base64 decoded: <script>

Phishing site detected (based on shot match)

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://uglb4.roperelo.com/caGPey/	Matcher: Template: captcha matched
Source: https://uglb4.roperelo.com/caGPey/	Matcher: Template: captcha matched
Source: https://uglb4.roperelo.com/caGPey/	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv1/5YiJtKlZY9zsY10/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv2/VN0ta9OzzfN6R8T/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv1/5YiJtKlZY9zsY10/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv2/VN0ta9OzzfN6R8T/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv3/8gNQiKqJn8j24XB/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv4/kndUV7JugzK85zT/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv5/gK_peYpdatqtD68/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv6/aHtfoA7ocYfEOOT/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv7/rneWVs1b04b3xiN/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv8/Rno5CciNJ7APW03/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	Matcher: Template: captcha matched

Source: https://uglb4.roperelo.com/caGPey/

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <script src="https://cdnjs.cloudflar...

Source: https://uglb4.roperelo.com/caGPey/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://uglb4.roperelo.com/caGPey/	HTTP Parser: No favicon
Source: https://uglb4.roperelo.com/caGPey/	HTTP Parser: No favicon
Source: https://uglb4.roperelo.com/caGPey/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv1/5YiJtKlZY9zsY10/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv2/VN0ta9OzzfN6R8T/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv1/5YiJtKlZY9zsY10/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv2/VN0ta9OzzfN6R8T/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv3/8gNQiKqJn8j24XB/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv4/kndUV7JugzK85zT/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv5/gK_peYpdatqtD68/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv6/aHtfoA7ocYfEOOT/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv7/rneWVs1b04b3xiN/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://uglb4.roperelo.com/caGPey/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv7/rneWVs1b04b3xiN/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv8/Rno5CciNJ7APW03/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv9/OJEqXYjsq4l6Yxu/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon
Source: https://uglb4.roperelo.com/caGPey/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv9/OJEqXYjsq4l6Yxu/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.17:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.17:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.17:49536 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49537 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49539 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49553 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:53844 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:53844 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:53844 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:53844 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:53844 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:53844 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:53844 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49530 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127

Source: global traffic	DNS traffic detected: DNS query: uglb4.roperelo.com
Source: global traffic	DNS traffic detected: DNS query: hv8d.p9j32.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: rnnz.081zq.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49531 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49545 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49537 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49551 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49561
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49560
Source: unknown	Network traffic detected: HTTP traffic on port 49559 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49561 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49533 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49559
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49558
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49557
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49556
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49555
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49554
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49553
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49551
Source: unknown	Network traffic detected: HTTP traffic on port 49539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49547 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49550
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49553 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49549
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49547
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49546
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49545
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49544
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49543
Source: unknown	Network traffic detected: HTTP traffic on port 49538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49542
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49541
Source: unknown	Network traffic detected: HTTP traffic on port 49544 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49540
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49539
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49537
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49535
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49534
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49533
Source: unknown	Network traffic detected: HTTP traffic on port 49541 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49531
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49555 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49549 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49560 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49557 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.17:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.17:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.17:49536 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49537 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49539 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49553 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\cr_en-us_500000_index.bin
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\manifest.fingerprint

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_3100_1750126993

Source: classification engine

Classification label: mal48.phis.win@23/15@24/165

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://uglb4.roperelo.com/caGPey/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1984,i,17464380941460084798,5693043387103697457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1984,i,17464380941460084798,5693043387103697457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://uglb4.roperelo.com/caGPey/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
code.jquery.com	151.101.130.137	true	false	unknown
hv8d.p9j32.com	172.67.182.147	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
rnnz.081zq.com	188.114.96.3	true	false	unknown
challenges.cloudflare.com	104.17.3.184	true	false	unknown
uglb4.roperelo.com	188.114.96.3	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv1/5YiJtKlZY9zsY10/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://uglb4.roperelo.com/caGPey/	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv1/5YiJtKlZY9zsY10/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv2/VN0ta9OzzfN6R8T/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv7/rneWVs1b04b3xiN/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv4/kndUV7JugzK85zT/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv8/Rno5CciNJ7APW03/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv9/OJEqXYjsq4l6Yxu/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv2/VN0ta9OzzfN6R8T/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv5/gK_peYpdatqtD68/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8hg6u/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv6/aHtfoA7ocYfEOOT/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv3/8gNQiKqJn8j24XB/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jrcuw/0x4AAAAAAAdTJ8hLN9w03U34/auto/normal	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.67.182.147	hv8d.p9j32.com	United States	13335	CLOUDFLARENETUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.238	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	rnnz.081zq.com	European Union	13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
104.17.2.184	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466964
Start date and time:	2024-07-03 15:47:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://uglb4.roperelo.com/caGPey/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@23/15@24/165

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 74.125.133.84, 142.250.181.238, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://uglb4.roperelo.com/caGPey/

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:48:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9887796056463105
Encrypted:	false
SSDEEP:
MD5:	EE98AAE83813489F666FE40B8F0289D5
SHA1:	A85D004472EB1FFE2923362C6DA4408789803295
SHA-256:	DBE6B8E3323ECD51161FC938016F0AD2C228757D9452B7CE7A29530DBA7A9EBE
SHA-512:	A101D0C01BC4A9A78AFA4A4EC37AAE6847BF8BA7A10E825202DA3342A9D5985DE6330885BF44F8AED64415FDBEA018A69F776225EE045091BD43EE7F9584A9C0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....,.-.O.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.n...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........)5.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:48:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.002782998594593
Encrypted:	false
SSDEEP:
MD5:	1541160330180E406F3608E9A6EE533F
SHA1:	EB779796224B4AAB543544937AB715EFD59A7B9E
SHA-256:	7EEF1E64ED0CB1EAE84D3E5DD5568BDDF7F06151D01C4887B52D35AC6A3A98BA
SHA-512:	650371890E41DB891F4E5C236982D020CBD43E54E545611E1B277BF8A9F8CF5ABF6C17A1376602E7AB1D47EC13374BDE8148AFB1C8F6994759790E28245EFEC0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....?!.O.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.n...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........)5.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.014007349472593
Encrypted:	false
SSDEEP:
MD5:	8F69D37C7D766690A28A5B34B5EFAC0F
SHA1:	CF31C30E69174B99B1647CBB6363C88BB65CA465
SHA-256:	65E1CA5B0660E56701DBCF4B52AA09569F6FC7AE3E48A35B177E4C3F76181EE3
SHA-512:	636E08DE78BB5B5E1929579AD223ABBB301B1F5D1C469C8592F6340355CE514AD95F524842399ECB9A386211B64C46ACCFC2FB1F261EE9B157F5895C0458FEB2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........)5.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:48:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.007100013043681
Encrypted:	false
SSDEEP:
MD5:	BCC478B18036217708853025BB98CC70
SHA1:	0DD568DF7A024D0460104450625AE883C494AB3A
SHA-256:	8909CD1D4C127C6050B77921331A40A00AA723567059301E3442C59002E81E5C
SHA-512:	D00883851828FCF5943BA357CF9FD93636DC65A3381F7381D1DA8778329B5771768B6AAE398F8ED1E601BFDA013608AC8295EA05915DC4296EBD58724F7DD107
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........O.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.n...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........)5.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:48:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.994672212513807
Encrypted:	false
SSDEEP:
MD5:	FD6A2D7E36B2B183662FF414EF1B7E81
SHA1:	50271D1D5186921101D2B7F8DC7CAD8C7B948DB3
SHA-256:	B8D80AC8C2231D69902A0C53955A900605385D7D00FB55D15525153348AE3832
SHA-512:	1F2D07D5F272928F564259A4FF09CC8D5B98DA9D19F9D559F4B65998675A73F02AEFB39BBB7B1B2B8B4A88A8A5D53366084870A4B318492914DF6ABD347A5718
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......'.O.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.n...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........)5.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:48:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.003320220442698
Encrypted:	false
SSDEEP:
MD5:	9ED6DC6340296A16F07A120E559FDEA4
SHA1:	507BCB638443478F79677132854C25D1E2A3BF1B
SHA-256:	EC184B565961A76FA87F7A0BB333FCE4717E01BBFDD84D2B89048EEC1B5770C4
SHA-512:	AC51C20C31524E9A153AEC02C9A9EC2804F69E011C181E5C7EB9B5F8C04FB5819C4038392ED30ECF6E47D27B3ABD87F6CEBD785A102E6EA113F94C10879631CB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......O.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.n...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........)5.m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	unknown
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.0157277397082884
Encrypted:	false
SSDEEP:
MD5:	4CBD807685B88243CC9EA3E4B60FE8FD
SHA1:	B02FB2A85ECBEA61424F9F14A32590FA2041C068
SHA-256:	8E9B53C9DCD85F58E64164CEAF4E327B52B88C98946EF1067B112B3C9BDC5FEE
SHA-512:	61B4E345BB2AE6BD8907C1D23582709D21089504B23497EC0906D489C096CE981F31CE0D2A2FB5B97E3E5B8D71B36ECC1B0393F55AE9007D36D790FA0B7C4161
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJ4UlFLT0lkOFU5ZzZhTTNZdnlieVpyUVcwUnRvM3JWeXpwaXQ3RjB4YUZnIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiQ1k5VzJMb3NsRkxMQmR3VFhVVFJNYnBxdnVSd2g1SVByT1ZsdG9BSUlFNCJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC42LjI2LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"JwsfiQnUWfcg0_PuT83D82ftcuaZ7vEsE_gMNDBSQyf3yMBDUgfqYwvvVFJbiHScUgP70t-BqLn6UQvY0bPu6W8oxy6WzuhegflPkarNrUr5BrTQ6T6GUQS5rb5hsCNYhNq2yDXc6JRw2fVbWfO5BsQ7VSpW8gO0oN3x3Ju-4Lr72tesPWvv_g2rkIXZLJHw4z1oZoKx1T2xY6ncKsFBbLnmD1gUSN3iAPPZ9zHg41a62wpcpb9uWRD

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.760377931718998
Encrypted:	false
SSDEEP:
MD5:	C18D2397B5F0CFF55132B016467CA189
SHA1:	B60B8ADF7CABF73855BB17212831736FB0CB9F74
SHA-256:	5C3233CF05E64742B923685C31E5347CABA89B198FD4A1BBA59A9500C3C16082
SHA-512:	5EF20571951238C960107E0F16ABC3C5FDEAFC6CED038220835B5341C18CEB7C144FB2B2CCA1094C98C5900A15A1B1B1FA3357E011C492805567AE56DE57A1B6
Malicious:	false
Reputation:	unknown
Preview:	1.1848d9cb81709d6bb8a9612e1cba9fc97bb669c7ef81e2d11c0f937896df8e27

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.424014792499492
Encrypted:	false
SSDEEP:
MD5:	2C221BDCF91C9C07551499EE4CD15A6F
SHA1:	CBC3CE0947A3D61A7673A7729CA25DB7DB023336
SHA-256:	C5140A38877C53D83A68CDD8BF26F266B416D11B68DEB572CE98ADEC5D316858
SHA-512:	B77656D3D8598FB946F988906FBE4399B30C4B1DB284FA187C617ECAADA0C98EB913572D4361E43058A68D175E95451B05F875372669ACF98DD1BAAE59F8D9BE
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.6.26.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9068
Entropy (8bit):	4.624080015119112
Encrypted:	false
SSDEEP:
MD5:	1D67EF4C7F90E1C8A620ADF17C6B6B13
SHA1:	E90E51A4A2305BCBD5016A3CA02CD14F77FDCBBA
SHA-256:	578DF0513FF5FA4080BDFC0B7094DCB444E09CD3AB3DCBC60165D1369681E2C1
SHA-512:	59B80B6A767EA95254CC64A5CDC17DF3ACC2F0B0E52416D86477109A1EDAB7479E0B1AEAB1FF793F8DC1807AAFAB38915A8267D4F31F618E99DF1AB07C095EE9
Malicious:	false
Reputation:	unknown
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://elpais.com.uy","

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1796
Entropy (8bit):	6.002879779555619
Encrypted:	false
SSDEEP:
MD5:	B2342846BC2BF82583282ED0771AE086
SHA1:	5E6C1DAA24C6E883585C000ED3A21C89501687D4
SHA-256:	FB489307DEAD790CF64746C6E0F3FCCB93D6F2854C5840DE47454B1C7781D4EF
SHA-512:	2CB4F5A8A195C41C2C94373419580129443C0A20A46B83319703B1B3F5FD58E8D157C7482DB0770A6C33504018527ACF069231B3C025BD5064297D7C6F716A9C
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJjcl9lbi11c181MDAwMDBfaW5kZXguYmluIiwicm9vdF9oYXNoIjoiMnNBamlXZFIxLTdnbkJ1ZDFTelpzT0NKLTNON0hYUC1ZQkRNSi1Nckg5ZyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJ4NU1mMGVUMHZCbWpMaDgxalVPaDJmNU1Ed2xxdGhlQXlBT2h3Y1ZiS2dRIn1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoib2JlZGJiaGJwbW9qbmthbmljaW9nZ25tZWxtb29tb2MiLCJpdGVtX3ZlcnNpb24iOiIyMDI0MDYyNi42NDgwMzI1NTguMTQiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"qEJeSxPQWLf2NCVYqUa-Dhlt7iFuIjtO1V_FBjFFNkkZFcrIm3PVHzXjBgqeQU21cbnRIYPio-U0mzxaM-AX6ivUlL3wBdVDC6zjxDjzJ3SUxE56w5mVH1xext9DPFZW9QnWQQ26FQUv6VXJYg4ngvk4oFSF1O1i6OHyh4XVThUZuoHTT4cAtv3Nuuwh0H4ooQ8ecPyHVD7T2aZ-SnS-uGg_F-srT8tU_etfs5ZFnEDvqqrHUE47YeOCa2ipzzHSp2USCjEJtDk_x0OpZW9Qq_y_vPrWX9xMEBw5PlbWFlq8fXMo22hZ9m8v7W0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\cr_en-us_500000_index.bin

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	7886389
Entropy (8bit):	6.573311178544636
Encrypted:	false
SSDEEP:
MD5:	B187EA2B25B43B71D02E098CE7194C0E
SHA1:	930ECAA25359670A9E1DE66CA1A9E8ED049A0303
SHA-256:	231499B9117935AC16BCF94CF270894EAA17DC499E34C031FDB61B7F3D6DC875
SHA-512:	B51C9276DCD72EF260B9AABFD16B66050E63D6773BE786195F97355F2DB105EF102892E9EF19BE2EC6EEAD479937CEF7705D7DDD9D44FCC589983C91666CCECD
Malicious:	false
Reputation:	unknown
Preview:	......ws....h._...y+.#..aeq$..f..1..r#.:..t..C..g.iQ..c.SY..l..m..d3.v..e.....p.0...i.....u....m.....n.,...b1...s.....o.f...z1....v.....k.....x.H...1%....j.....q.....5.<...3%....4.3...2....9{z...7Y....6.....8.B...0%{.........*......S.........&............g........../............... .......... ....%.... ....... . .....&........-...........$S....... .............5........... to usd.5..)....... meaning./..(\|............................... meaningl........... meaningJ.........@....+...........s.... meaningrS.... meaning 5.'......... ...............dgar guzm.n l.pez................#y...... meaning................. ......Z..... meaningP$.... meaning:.. . .... ..........\..... meaning........ .......&..... meaning.w...s...... meaning.O.... meaning.L....... .......?.... meaning.;.... meaning.9..... ..... .....

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9032390075834345
Encrypted:	false
SSDEEP:
MD5:	757A529E806B524C76A68B30ED167CF4
SHA1:	75012833E0A913DDBF2EC9C0607AE988E63F0E4F
SHA-256:	648D71C9DCF2D314D8F5088BCD66D506CF14AD83D827ABD2F2E5174DD2403AC3
SHA-512:	BA1BDDE0775E89297DABC2A47BDD8B7076580D92C7EDBF146683D1A0CE87CF399457E036E196524E921D3EB9D766D1F490D26C5019C6168445EFA9BF63C3BE8B
Malicious:	false
Reputation:	unknown
Preview:	1.907ac147226a1fd72d11c435ce22a1828fcdf85ff3f5460b4ea3e425754f0d67

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.870654058425424
Encrypted:	false
SSDEEP:
MD5:	47D92D282613354C04D0EEB238B8D2C0
SHA1:	5AAE2B468F7575D179EF6565CF146F48AA86ADB1
SHA-256:	C7931FD1E4F4BC19A32E1F358D43A1D9FE4C0F096AB61780C803A1C1C55B2A04
SHA-512:	01442D16B4C8FC32B0B2F8245D125ABA3CD30FA897DE0DC1FAFA921BE95A967B71F5CF6C1009A3D932AA184BB5FEC48C2005ED0D3866C6208CCE53AA48307B09
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "OnDeviceHeadSuggestENUS500000",. "version": "20240626.648032558.14".}

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://uglb4.roperelo.com/caGPey/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1018036673\sets.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\cr_en-us_500000_index.bin

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3100_1629589010\manifest.json

Static File Info

Windows Analysis Report
https://uglb4.roperelo.com/caGPey/