
Windows Analysis Report
https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/installer/capcut_capcutpc_0_1.2.6_installer.exe

Overview

General Information

Sample URL:https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/installer/capcut_capcutpc_0_1.2.6_installer.exe
Analysis ID:1548906

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious URL
Drops large PE files
Drops PE files
Found dropped PE file which has not been started or loaded
Queries disk information (often used to detect virtual machines)
Stores files to the Windows start menu directory

Classification

(classification radar chart not reproduced)

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 5968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1908,i,15202565363180225643,12520382081572277955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1908,i,15202565363180225643,12520382081572277955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4284 --field-trial-handle=1908,i,15202565363180225643,12520382081572277955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • capcut_capcutpc_0_1.2.6_installer.exe (PID: 8084 cmdline: "C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe" MD5: C91E097550EA6CCEDF592D8B83414E0D)
  • chrome.exe (PID: 6436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/installer/capcut_capcutpc_0_1.2.6_installer.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Signature Details

Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\installer_downloader.log

Networking

Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (4 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (6 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 (4 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (18 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200 (13 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 (5 entries)
Source: global traffic | DNS traffic detected: DNS query: lf16-capcut.faceulv.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: maliva-mcs.byteoversea.com
Source: global traffic | DNS traffic detected: DNS query: editor-api-sg.capcut.com
Source: global traffic | DNS traffic detected: DNS query: sf16-va.tiktokcdn.com
Source: global traffic | DNS traffic detected: DNS query: sgali-mcs.byteoversea.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713

System Summary

Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File dump: app_package_7e67f93185.exe.15.dr (542896128 bytes)
Source: classification engine | Classification label: mal48.win@25/24@10/111
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Mutant created: \Sessions\1\BaseNamedObjects\ByteDance_Mutex_Installer_Downloader_CapCut
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Mutant created: \Sessions\1\BaseNamedObjects\CapCut_Mutex_Install
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Mutant created: \Sessions\1\BaseNamedObjects\CapCut_Mutex_UnInstall
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\nso2240.tmp
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1908,i,15202565363180225643,12520382081572277955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 (2 entries)
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/installer/capcut_capcutpc_0_1.2.6_installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1908,i,15202565363180225643,12520382081572277955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 (2 entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4284 --field-trial-handle=1908,i,15202565363180225643,12520382081572277955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 (2 entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe "C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe" (2 entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (15 entries)
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Sections loaded (in order): uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, profapi.dll, dbghelp.dll, winmm.dll, msasn1.dll, mf.dll, mfplat.dll, netapi32.dll, iphlpapi.dll, mfcore.dll, powrprof.dll, ksuser.dll, mfperfhelper.dll, rtworkq.dll, umpdc.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll (3 entries), msimg32.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, mswsock.dll, textshaping.dll, fwpuclnt.dll, rasadhlp.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: EmailJoeBoxAI | AI detected brand spoofing attempt in URL: https://lf16-capcut.faceulv.com
Source: EmailJoeBoxAI | AI detected typosquatting in URL: https://lf16-capcut.faceulv.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\Unconfirmed 242471.crdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\cd680e9b-7e47-4827-9747-c5bc1ad6c301.tmp
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\System.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\deviceregister_shared.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\app_shell_cache_562354\app_package_7e67f93185.exe
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\shell_downloader.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\BgWorker.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\downloader_nsis_plugin.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File created: C:\Users\user\AppData\Local\Temp\installer_downloader.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\System.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\deviceregister_shared.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\app_shell_cache_562354\app_package_7e67f93185.exe
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\shell_downloader.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\BgWorker.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd2250.tmp\downloader_nsis_plugin.dll
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File opened: PhysicalDrive0
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | File Volume queried: C:\Users\user\Downloads FullSizeInformation
Source: C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe | Process information queried: ProcessInformation

MITRE ATT&CK Matrix (techniques with at least one matching signature; number of matches in brackets)

Persistence:
  • Browser Extensions (1)
  • DLL Side-Loading (1)
  • Registry Run Keys / Startup Folder (1)
Privilege Escalation:
  • Process Injection (1)
  • DLL Side-Loading (1)
  • Registry Run Keys / Startup Folder (1)
Defense Evasion:
  • Masquerading (1)
  • Virtualization/Sandbox Evasion (1)
  • Process Injection (1)
  • DLL Side-Loading (1)
Discovery:
  • Security Software Discovery (1)
  • Virtualization/Sandbox Evasion (1)
  • Process Discovery (1)
  • File and Directory Discovery (1)
  • System Information Discovery (12)
Command and Control:
  • Encrypted Channel (2)
  • Non-Application Layer Protocol (1)
  • Application Layer Protocol (2)

No matches under Reconnaissance, Resource Development, Initial Access, Execution, Credential Access, Lateral Movement, Collection, Exfiltration or Impact.

URLs (Source | Detection | Scanner | Label):
• https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/installer/capcut_capcutpc_0_1.2.6_installer.exe | 0% | Avira URL Cloud | safe
• https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/installer/capcut_capcutpc_0_1.2.6_installer.exe | 0% | Virustotal | (browse link)

Dropped files (Source | Detection | Scanner):
• C:\Users\user\Downloads\Unconfirmed 242471.crdownload | 0% | ReversingLabs
• C:\Users\user\AppData\Local\Temp\nsd2250.tmp\BgWorker.dll | 0% | ReversingLabs
• C:\Users\user\AppData\Local\Temp\nsd2250.tmp\System.dll | 0% | ReversingLabs
• C:\Users\user\AppData\Local\Temp\nsd2250.tmp\deviceregister_shared.dll | 0% | ReversingLabs
• C:\Users\user\AppData\Local\Temp\nsd2250.tmp\downloader_nsis_plugin.dll | 0% | ReversingLabs
• C:\Users\user\AppData\Local\Temp\nsd2250.tmp\shell_downloader.dll | 0% | ReversingLabs
No Antivirus matches

Domains (Source | Detection | Scanner):
• lf16-capcut.faceulv.com | 0% | Virustotal (browse link)
No Antivirus matches
Contacted domains (Name | IP | Active | Malicious | Reputation; no antivirus detection for any entry):
• www.google.com | 172.217.18.100 | true | false | high
• lf16-capcut.faceulv.com | unknown | unknown | true | unknown
• editor-api-sg.capcut.com | unknown | unknown | false | unknown
• maliva-mcs.byteoversea.com | unknown | unknown | false | unknown
• sgali-mcs.byteoversea.com | unknown | unknown | false | unknown
• sf16-va.tiktokcdn.com | unknown | unknown | false | unknown
Contacted IPs (IP | Domain | Country | ASN | ASN Name (country code) | Malicious):
• 142.250.186.35 | unknown | United States | 15169 | GOOGLE (US) | false
• 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENET (US) | false
• 216.58.212.142 | unknown | United States | 15169 | GOOGLE (US) | false
• 172.217.18.3 | unknown | United States | 15169 | GOOGLE (US) | false
• 239.255.255.250 | unknown | Reserved | unknown | unknown | false
• 2.16.168.5 | unknown | European Union | 20940 | AKAMAI-ASN1 (EU) | false
• 2.16.241.12 | unknown | European Union | 20940 | AKAMAI-ASN1 (EU) | false
• 2.16.238.147 | unknown | European Union | 20940 | AKAMAI-ASN1 (EU) | false
• 64.233.184.84 | unknown | United States | 15169 | GOOGLE (US) | false
• 142.250.186.110 | unknown | United States | 15169 | GOOGLE (US) | false
• 2.18.64.4 | unknown | European Union | 6057 | AdministracionNacionaldeTelecomunicaciones (UY) | false
• 2.16.62.200 | unknown | European Union | 20940 | AKAMAI-ASN1 (EU) | false
• 2.16.62.234 | unknown | European Union | 20940 | AKAMAI-ASN1 (EU) | false
• 172.217.18.100 | www.google.com | United States | 15169 | GOOGLE (US) | false

Private IPs: 192.168.2.16, 127.0.0.1
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1548906
            Start date and time:2024-11-05 01:54:57 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Sample URL:https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/installer/capcut_capcutpc_0_1.2.6_installer.exe
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of new started processes analysed:16
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            Analysis Mode:stream
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal48.win@25/24@10/111
            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
            • Exclude process from analysis (whitelisted): svchost.exe
            • Excluded IPs from analysis (whitelisted): 172.217.18.3, 216.58.212.142, 64.233.184.84, 2.16.62.234, 2.16.62.200, 34.104.35.123
            • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, lf16-capcut.faceulv.com.edgesuite.net, clientservices.googleapis.com, clients.l.google.com, a1142.w155.akamai.net
            • Not all processes were analyzed, report is missing behavior information
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Skipping network analysis since amount of network traffic is too extensive
            • VT rate limit hit for: C:\Users\user\Downloads\Unconfirmed 242471.crdownload
Input/Output
URL: https://lf16-capcut.faceulv.com
Model: claude-3-5-sonnet-latest
{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):611814
            Entropy (8bit):7.99428892637589
            Encrypted:true
            SSDEEP:
            MD5:F55D2B8FDFD4F476C0D4829FB663C69B
            SHA1:AC3CA7EA4100FFC6E24BC25D536C4FF4846CC1EF
            SHA-256:6EB8B5F62E6763598C2FA9D3182F2D091E6247D88D51475EE4694B76722205EB
            SHA-512:D42963599AB7F264A3211ACE1E16413DEAC91E318CE2E7633553BCF7595E36B400956989C0A09E4C926BEA6AD91A3AAAC9FBE150165D10FFC359ACD1DEF97607
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):490493
            Entropy (8bit):7.9929488965939335
            Encrypted:true
            SSDEEP:
            MD5:42FEAD072026913A69E7C96BAC8456B0
            SHA1:F563A8680AFD0F912C932D5D9D0EAE7F079A4C88
            SHA-256:FC330E6CFE8B356B214CC5FFD3A7B8E88618373BE46A763DA205AD6228788A38
            SHA-512:35DFF2F402D6AE9E623B2D55DD0C06287B4E31B910EF7A887384504152610601EE0EAC2DECF5E4163F02C621F87BAF3B41A4DE43A5933442BB3F0D641992F2AE
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):348
            Entropy (8bit):4.755537623258207
            Encrypted:false
            SSDEEP:
            MD5:BDD43BDD8C9597A6D2B14C19DEF710D4
            SHA1:60C5D23C5098FF447FEB995A0BA00B8836C4ACC1
            SHA-256:C9206A2EF3B9A725AEA6DC419931C2763250DF499584587075B3AF3F8FFACD46
            SHA-512:1DCCEB25A8C50542DF016CC9AFBD726361217E25AC0C27346560E7FC6572F3C813287669F96D8418C6E4F92BE070C3712293E2118A17A0811F7AB0D9EED6D68F
            Malicious:false
            Reputation:unknown
            Preview:20241104-19:56:58:166 [8084:8088] - succeed to initialize dpi helper..20241104-19:56:58:166 [8084:8088] - succeed to set dpi aware..20241104-19:56:58:357 [8084:8124] - capcutpc_0..20241104-19:56:58:357 [8084:8124] - en_CH..20241104-19:56:58:373 [8084:8124] - app shell 1473650893..20241104-19:56:59:775 [8084:8140] - OnDRSdkResult: did=1473650893..
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):516137
            Entropy (8bit):7.994067658585876
            Encrypted:true
            SSDEEP:
            MD5:C51D1976F87828C0DCA46EF4D0243614
            SHA1:5DB8DDCC5E358D1DA6FB4F79E36C1547DDA6069F
            SHA-256:463A0C124A0925FBB341855685B2B58525B100108D271679F2F95398D5F6C618
            SHA-512:698DFF1DE5D050B51FF7400C8C769E1380571347534A773772531252FE2C2D4502DD27C5AFD5D6C8A0CDC90A7DA49A6EB28557B6A9E31A80767D1C1ECFFC44CC
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:modified
            Size (bytes):608036
            Entropy (8bit):7.994908398550246
            Encrypted:true
            SSDEEP:
            MD5:950E97619B630F384CB2EC5C8DD271C2
            SHA1:BB8251280369A583E0F8BFE27A3A370F3F93A876
            SHA-256:620CFFEECF59C90DB73B0CD81F8F4378AEAD22AF98791111EEE877A07344DC55
            SHA-512:F03E7A2D33D5765F6F885F03D6454FAECAA0A5C5788B406958C07C75EB6788722EC114C4F28028E219899603F451C843FA4E65DFBF2DD0FDB2DE2BE871B188C8
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):2560
            Entropy (8bit):3.5703691140729785
            Encrypted:false
            SSDEEP:
            MD5:33EC04738007E665059CF40BC0F0C22B
            SHA1:4196759A922E333D9B17BDA5369F14C33CD5E3BC
            SHA-256:50F735AB8F3473423E6873D628150BBC0777BE7B4F6405247CDDF22BB00FB6BE
            SHA-512:2318B01F0C2F2F021A618CA3E6E5C24A94DF5D00154766B77160203B8B0A177C8581C7B688FFE69BE93A69BC7FD06B8A589844D42447F5060FB4BCF94D8A9AEF
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):5.719859767584478
            Encrypted:false
            SSDEEP:
            MD5:0D7AD4F45DC6F5AA87F606D0331C6901
            SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
            SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
            SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):231936
            Entropy (8bit):6.777476749807315
            Encrypted:false
            SSDEEP:
            MD5:8BAAAEACB97679FB495E1C4F902F0A68
            SHA1:29185B00E4C56FF8CC22DE64C1407809D60348F1
            SHA-256:7C2A74C4BE8D524A121E78E763C05C7B5CB58B524119AC8897C493E717A1D42A
            SHA-512:49F864332165C0229F0588FA1FD56FDC04BB005BE1B61A9367FAC5F45C32783E2E633C8ACB64C3A921D41D9B79CEB3315813AA409A8F725CC7193958BF4BB8E0
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):1285632
            Entropy (8bit):6.652266778604912
            Encrypted:false
            SSDEEP:
            MD5:F181413906A465FD0DD68CC4A3D98803
            SHA1:5AA28BE48047DD0B672AB98D5E7CBD8260486B4B
            SHA-256:E28FF7B8FC4B1EB2D1F394CE15DE2FC031CDA58DB645038C8C07581C31E79DDA
            SHA-512:8D0116BCBC3938B2EBDDDF77DEC87E4B6C872382D20B555571B0BC3E4A35F88D16BC450004F875A8271165B71BDBAE5D4D474A5BFDA4C7787DA63F4325009C25
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):166245
            Entropy (8bit):7.969354347339473
            Encrypted:false
            SSDEEP:
            MD5:23E2490706D024BD70CCB906EBF0B62D
            SHA1:94C346AC69FF8867204F1A2346491342203980BE
            SHA-256:FBB054F0880B81DE92BE6A9500C6757F4E1A3E8E335E31821D76B49DE8375C8C
            SHA-512:FDD948396D184CC7E663678CE179721DC5D9DDEDCEB46110A86ACFE4AC69613E36ED4030ECE15EF95B575C0027D0E83F0C99F9C1C7FE55B967C86FE4CEF86BD0
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):2360320
            Entropy (8bit):6.761538609397524
            Encrypted:false
            SSDEEP:
            MD5:C052C0A2ED833D924B7799625413AC1C
            SHA1:BDD08A29F4DE283BA0EB3CDA4ABC26F6E85D4D5E
            SHA-256:098972CF9DDC9D574130E025A252A99B278DE9CC0AE700ACFB8C935C24EB1172
            SHA-512:89E67C29D5D8A401A70A5B572844F24BFDE82D5D4259ECC5E6F12BE0DDB434995A2E985914FC421973998E3FDC48B133E269E8BB1DA513EC66199F01060162F1
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):467974
            Entropy (8bit):7.9915742893464845
            Encrypted:true
            SSDEEP:
            MD5:7E0FCA9AFBA9A7FBC15D378B8E550BAA
            SHA1:163AED4FD049F3981E88ECAA22966949F233A567
            SHA-256:49D5FA943BCEC39D1244E6C69801F20B5F9D01FC89D6F260236A3C1255B5FC98
            SHA-512:A449FC91D53C5C214B2E0D4C678FD1BB95CCA17463C8F43C095B3C860375413580E5DC45497F7042D2A8DE508C616AF380FF1CB147823C215FCF6B82744BA99C
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):546564
            Entropy (8bit):7.991585702395486
            Encrypted:true
            SSDEEP:
            MD5:03680B27E2CD41C23DDA448C1EE7B1BB
            SHA1:2EBA3FFB31D116D35B22AA0132F51DB732F5432E
            SHA-256:06599F52F75C8E9F3B0A1476CAA97AB7BB0D61DF6A6FEBFB8CCE14706AF64E6B
            SHA-512:4E47D29A67CF8775BF361E118DCC6268E7367D3738DC14462E9C44DE148EC791C413E576E91FE908F909D01245FCC640FE6D1CEC8718F2C41EB3724E35E61B90
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):506034
            Entropy (8bit):7.990713925210717
            Encrypted:true
            SSDEEP:
            MD5:8EA92C4B9D936D485757D19391F45043
            SHA1:17DDA2A287A49BF23DA9DA09D20062E2DD7A4601
            SHA-256:3A5E1EF48BD852386D5B155306F6B4098B53242C282B9BC54A2C2203301D90BA
            SHA-512:AB041D520B268C0CA6FCF91B87079BED151F97DB3375C5A93E51683605E43021E3111280504F0F58706F1564B515761DB161D7081FD5727783E4A34F48240723
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):473975
            Entropy (8bit):7.991906849103518
            Encrypted:true
            SSDEEP:
            MD5:601BBE214313CA48CA8F333161AC62AF
            SHA1:6799BE82B01711A0821DF1321FCF5D14DE0ADD6C
            SHA-256:56A9920B94732C54604A6AB3CE0072D30E0EB1A2F4F835661FECBC0C448D8965
            SHA-512:1ED3A3A5FD57F275280A63F227C30DC83B56F133BF7E60D1510A60085C228CEB99D9EAC39E8F7B751242AD6BC0FC691BF0D66B2720496BA9F71FB4FF1BE59DF6
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Downloads\capcut_capcutpc_0_1.2.6_installer.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):542896128
            Entropy (8bit):7.685132548814806
            Encrypted:false
            SSDEEP:
            MD5:EAC1B4E29494F4283B8E864E9417836F
            SHA1:1C0A8C13B3182F44E5742102926EFCF710A7FA77
            SHA-256:84DEE8131C7FBB8CE8150D877F36FD5DFE091996D6198BA0AC7313CD777A01F8
            SHA-512:7CC9BF095B0D162FE1BB5382F629BC8D2BD3ADA821901B542687437B9378404242CFDE07C0B857BA0007B34D4CE1CB4BBA1DDAAC55C06BBB805298216AD212C8
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 23:55:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2673
            Entropy (8bit):3.9805382185274825
            Encrypted:false
            SSDEEP:
            MD5:BEF38844190C5C19F2AFF5ED9F6E9BA6
            SHA1:54FD0871F4BDBD7880FBDD2699CD8A1047166EA3
            SHA-256:AE81096165ABD76D47590A91D6ABAD543E8EE4B21A38F21674B2DDD9ED31D51A
            SHA-512:E98FDEC5CD93369CD580ECD08458DAC2B3A8AF45048E7327E953129A4D0D466918ACE2EB98ED235012AD989E2DD476E19B1F4F43FE32BC817C8BFE636365CEAB
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 23:55:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2675
            Entropy (8bit):3.9972465720960364
            Encrypted:false
            SSDEEP:
            MD5:5995BB1BC1A722B48D5D9F5A4E1BBBE9
            SHA1:0A98FF0F7C799DEA541A4CA74D6C5858086A37D1
            SHA-256:2A368419BC42EAA98DF8F985B28303425FE71A395825FDD8C50F25ED09A5FEB7
            SHA-512:D4B0323EE7D534C71E24132A77DE83FB751E40F5D081CEA872C4DE0887FAC82144984B0E81E8A7C6D344286599A78C22DF140F305D10D19324D1FC592035C080
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2689
            Entropy (8bit):4.007964125347492
            Encrypted:false
            SSDEEP:
            MD5:07EA1E1F094FA2A5C494BD4DDBA51DCA
            SHA1:7D4B901A85D2A856B28D972FABD2BB525D51D6D8
            SHA-256:5CA51560B1C6093F6192D0F1858FC27283647B8475F945A96AB6180B5F245089
            SHA-512:BB797035780DD221EA61ABA5B081EAED5E77F39991F667D5DC994B2286C46F13310BC8103F3463B504A897AF520F977EEAA4CA773F4ED9F1A42149DFD3AB7313
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IeY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VeY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VeY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j .......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 23:55:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9949702215670815
            Encrypted:false
            SSDEEP:
            MD5:A70DBFA13D05CF5F8DB4D09E3F2FF579
            SHA1:B4F43A3ED494C584C66BF8F9450FD443C2573142
            SHA-256:93A5F82A0ECD8329D8D0AB4A84EA4C389270FE970C17928DE8B1B59932C08CC3
            SHA-512:CF7B44CD1BE8AAA77F33E827CED1F7E26C4774ED4FBC69EA6F78EEEB844BBB884C28AABF75FF81C60D75FF49EC7E2045D28051C869C65092E32389FC42B57ED9
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,......pg./..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IeY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VeY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VeY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VeY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j .......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 23:55:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.985585069523056
            Encrypted:false
            SSDEEP:
            MD5:7FB48106C5B9C8B55C8DB2EAF6ADBDC3
            SHA1:91FCA6C4A088F5E52770391E910CD7249EC7705E
            SHA-256:B258F10C41184E7B7FDEA64A5865D4757C205847A6D42FC52A87BC68809E7753
            SHA-512:27CDC9755516D89A3B0073F823FF2269C8C1702A578253E8F9CA0615DA95122811C0FEEB2A8E9F69A82C73C7DB3D81F709581201D4EF9CBFCFDD0487116F6E7A
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,.....H{g./..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IeY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VeY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VeY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VeY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j .......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 23:55:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):3.991626793482718
            Encrypted:false
            SSDEEP:
            MD5:1B5A5CF12745F4792187A24DDEF59B4A
            SHA1:6D5CBF75076CFDE433B350A24CB70DC10759D0A7
            SHA-256:0B906993741FA92795A299881D1E6E817A86027A520745495C0D99A40A0F7491
            SHA-512:94486E0B5988CD9197EBE29AB6C0AEE615ACAF67B69DA422CFC756A82B8E8A2A55625F6EBE2A3119B9C5A757C5E5F1634786A915170CED952C9E15B04DBBC1F9
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,......hg./..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IeY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VeY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VeY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VeY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j .......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
            Category:dropped
            Size (bytes):2313024
            Entropy (8bit):7.713606257309821
            Encrypted:false
            SSDEEP:
            MD5:C91E097550EA6CCEDF592D8B83414E0D
            SHA1:021F3F26D86F98AF28DC987BAAD8714F64867207
            SHA-256:4A9D815F284ADDA187982E2B24DA2BEAAD860739BC4B4CB1CF26408E7C221DD6
            SHA-512:916898C9850DDFCD2C11DA7421EEFFC4D48406D9AD4787A4DC572EC17A81A39EDD30733AA8CCCDE8B31450FF8031E3DA68BE019A8A0EFF50C0A17ED4FA0AA3C9
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@...3............@.......................... .......H$...@.............................................P&............#..4...........................................................................................text...'f.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...@...............................rsrc...P&.......(..................@..@................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:C91E097550EA6CCEDF592D8B83414E0D
            SHA1:021F3F26D86F98AF28DC987BAAD8714F64867207
            SHA-256:4A9D815F284ADDA187982E2B24DA2BEAAD860739BC4B4CB1CF26408E7C221DD6
            SHA-512:916898C9850DDFCD2C11DA7421EEFFC4D48406D9AD4787A4DC572EC17A81A39EDD30733AA8CCCDE8B31450FF8031E3DA68BE019A8A0EFF50C0A17ED4FA0AA3C9
            Malicious:true
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@...3............@.......................... .......H$...@.............................................P&............#..4...........................................................................................text...'f.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...@...............................rsrc...P&.......(..................@..@................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):91856
            Entropy (8bit):3.4172311003719944
            Encrypted:false
            SSDEEP:
            MD5:3A033BAD652D0A0BE7A43C35538FB3BB
            SHA1:557275E11721398CB2714E691F31F2282BE76886
            SHA-256:BBD9610451DE03BFC9B5B112AEF1ADF0C03EEAE2A67681ABCB0A7C78F247AA32
            SHA-512:C7B1DD3537C75213221C8ECF019B059B7884B5CB022208F3F210848FB78A8AB210F0E494086323EAC7D8A23608C1BED0A6A21106C10B504F1ABA5DC0DF4BF514
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@...3............@.......................... .......H$...@.............................................P&............#..4...........................................................................................text...'f.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...@...............................rsrc...P&.......(..................@..@................................................................................................................................................................................................................................................................................................................................................
            No static file info