
Windows Analysis Report
https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdumzvQrsyHU0k-2B-2BGLe3TC-2BbVHjnZFQGMLp7DLxJhMmDL3O3XogP7AxrLzJvuwSanUwY4NT7qE8I6hOZjFgPsrS4aZ-2Bkoc1

Overview

General Information

Sample URL:https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdu
Analysis ID:1605886

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1936,i,3845685449358686779,448962904064362064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdumzvQrsyHU0k-2B-2BGLe3TC-2BbVHjnZFQGMLp7DLxJhMmDL3O3XogP7AxrLzJvuwSanUwY4NT7qE8I6hOZjFgPsrS4aZ-2Bkoc1aCnMaBjyoslVKnQ0H6M7gQQyis3ow4ZvlBfcCO8cc8uU-2Facdw2I-2Bvx-2B2QYXZbp9uQL9LHhEm88uSEeLCWIiwiyf3zPClcSuv-2F1RylbD6sw51T69fQK2-2BcXspZvbqWBH41JiEyCUfEFw-2FzpewK1rbw60d5SiJtpU9dxcOR4MtpT7euFCRwftrN2u80LYpmiyPSxVyjxvqq7KgEkGewwRFahHXry1iSMYeovEVtm5hQ6PpAGxRq8GItJm9PfjDWDV-2BX6f5ildfYT6g9vNoOTU3izwj-2FXFTcaKyORgLxHQghDhuOp72tJV3pXGL-2BmVeFfDvV5wddKVJael-2FQ2UssSVQUOF-2F-2FY90WSLy-2FFywrkcToTEEOLRli4kJKLyVWpINVKTC20E88DS-2FU0QPBe3k-2B8ZzhG6EG2BoR5Or9T3g-2Bt9MizyHefGgohWd0btuLQqkFbklIDWUYu5tKKDwKhUW0uQWpm1wC57GM4AhhSD4UlANq6zH22B57thxXn5PeWnq5mnQ1OfW5eM8xvQ8m9rveB6f1ZbXanx37mowOwla4ZBbGnieyONTSj0xgH0TJotzBN7TPi4v7gFwgvDZ-2FW1ZDxOqCIlSFuSBJVDrwwlwt-2F38apESg3075MTv05me1l5SM132a-2FFEpS6OhSzNBtfACTGgRHHZC1ZDX2cAORleMRU01-2BxhdgftltwW9ALsm2qaNQgl8835a0-2Bm2hK9JJCsVp1n2uwHeFWfHHJOxpckzXi-2B1kTHJuDPw0krVQNkIBFd3lHtdfLiCSLi4uwo07JDA-2BtPBAEGv" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.16:54965 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.16:54965 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.16:54965 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.16:54965 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.16:54965 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.16:54965 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.16:54965 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: u48333601.ct.sendgrid.net
Source: global traffic | DNS traffic detected: DNS query: login.rlxos.org
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54967 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54967
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1730715436
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1730715436\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1730715436\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1730715436\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1730715436\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1730715436\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1730715436\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1531427371
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1531427371\cr_en-us_500000_index.bin
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1531427371\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1531427371\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1531427371\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1531427371\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1452749417
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1452749417\keys.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1452749417\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1452749417\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1452749417\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1452749417\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_1452749417\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\chrome_BITS_7016_910519777
Source: classification engine | Classification label: clean3.win@25/22@20/102
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1936,i,3845685449358686779,448962904064362064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdumzvQrsyHU0k-2B-2BGLe3TC-2BbVHjnZFQGMLp7DLxJhMmDL3O3XogP7AxrLzJvuwSanUwY4NT7qE8I6hOZjFgPsrS4aZ-2Bkoc1aCnMaBjyoslVKnQ0H6M7gQQyis3ow4ZvlBfcCO8cc8uU-2Facdw2I-2Bvx-2B2QYXZbp9uQL9LHhEm88uSEeLCWIiwiyf3zPClcSuv-2F1RylbD6sw51T69fQK2-2BcXspZvbqWBH41JiEyCUfEFw-2FzpewK1rbw60d5SiJtpU9dxcOR4MtpT7euFCRwftrN2u80LYpmiyPSxVyjxvqq7KgEkGewwRFahHXry1iSMYeovEVtm5hQ6PpAGxRq8GItJm9PfjDWDV-2BX6f5ildfYT6g9vNoOTU3izwj-2FXFTcaKyORgLxHQghDhuOp72tJV3pXGL-2BmVeFfDvV5wddKVJael-2FQ2UssSVQUOF-2F-2FY90WSLy-2FFywrkcToTEEOLRli4kJKLyVWpINVKTC20E88DS-2FU0QPBe3k-2B8ZzhG6EG2BoR5Or9T3g-2Bt9MizyHefGgohWd0btuLQqkFbklIDWUYu5tKKDwKhUW0uQWpm1wC57GM4AhhSD4UlANq6zH22B57thxXn5PeWnq5mnQ1OfW5eM8xvQ8m9rveB6f1ZbXanx37mowOwla4ZBbGnieyONTSj0xgH0TJotzBN7TPi4v7gFwgvDZ-2FW1ZDxOqCIlSFuSBJVDrwwlwt-2F38apESg3075MTv05me1l5SM132a-2FFEpS6OhSzNBtfACTGgRHHZC1ZDX2cAORleMRU01-2BxhdgftltwW9ALsm2qaNQgl8835a0-2Bm2hK9JJCsVp1n2uwHeFWfHHJOxpckzXi-2B1kTHJuDPw0krVQNkIBFd3lHtdfLiCSLi4uwo07JDA-2BtPBAEGv"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1936,i,3845685449358686779,448962904064362064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdumzvQrsyHU0k-2B-2BGLe3TC-2BbVHjnZFQGMLp7DLxJhMmDL3O3XogP7AxrLzJvuwSanUwY4NT7qE8I6hOZjFgPsrS4aZ-2Bkoc1aCnMaBjyoslVKnQ0H6M7gQQyis3ow4ZvlBfcCO8cc8uU-2Facdw2I-2Bvx-2B2QYXZbp9uQL9LHhEm88uSEeLCWIiwiyf3zPClcSuv-2F1RylbD6sw51T69fQK2-2BcXspZvbqWBH41JiEyCUfEFw-2FzpewK1rbw60d5SiJtpU9dxcOR4MtpT7euFCRwftrN2u80LYpmiyPSxVyjxvqq7KgEkGewwRFahHXry1iSMYeovEVtm5hQ6PpAGxRq8GItJm9PfjDWDV-2BX6f5ildfYT6g9vNoOTU3izwj-2FXFTcaKyORgLxHQghDhuOp72tJV3pXGL-2BmVeFfDvV5wddKVJael-2FQ2UssSVQUOF-2F-2FY90WSLy-2FFywrkcToTEEOLRli4kJKLyVWpINVKTC20E88DS-2FU0QPBe3k-2B8ZzhG6EG2BoR5Or9T3g-2Bt9MizyHefGgohWd0btuLQqkFbklIDWUYu5tKKDwKhUW0uQWpm1wC57GM4AhhSD4UlANq6zH22B57thxXn5PeWnq5mnQ1OfW5eM8xvQ8m9rveB6f1ZbXanx37mowOwla4ZBbGnieyONTSj0xgH0TJotzBN7TPi4v7gFwgvDZ-2FW1ZDxOqCIlSFuSBJVDrwwlwt-2F38apESg3075MTv05me1l5SM132a-2FFEpS6OhSzNBtfACTGgRHHZC1ZDX2cAORleMRU01-2BxhdgftltwW9ALsm2qaNQgl8835a0-2Bm2hK9JJCsVp1n2uwHeFWfHHJOxpckzXi-2B1kTHJuDPw0krVQNkIBFd3lHtdfLiCSLi4uwo07JDA-2BtPBAEGv"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (a number in parentheses is the count of matched signatures for that technique; entries without a number had no match)

Tactic | Techniques
Reconnaissance | Gather Victim Identity Information; Credentials; Email Addresses
Resource Development | Acquire Infrastructure; Domains; DNS Server
Initial Access | Valid Accounts; Default Accounts; Domain Accounts
Execution | Windows Management Instrumentation; Scheduled Task/Job; At
Persistence | Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation | Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
Defense Evasion | Masquerading (21); Process Injection (1); File Deletion (1)
Credential Access | OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery | System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement | Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection | Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control | Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration | Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact | Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

URLs

Source | Detection | Scanner | Label | Link
https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdumzvQrsyHU0k-2B-2BGLe3TC-2BbVHjnZFQGMLp7DLxJhMmDL3O3XogP7AxrLzJvuwSanUwY4NT7qE8I6hOZjFgPsrS4aZ-2Bkoc1aCnMaBjyoslVKnQ0H6M7gQQyis3ow4ZvlBfcCO8cc8uU-2Facdw2I-2Bvx-2B2QYXZbp9uQL9LHhEm88uSEeLCWIiwiyf3zPClcSuv-2F1RylbD6sw51T69fQK2-2BcXspZvbqWBH41JiEyCUfEFw-2FzpewK1rbw60d5SiJtpU9dxcOR4MtpT7euFCRwftrN2u80LYpmiyPSxVyjxvqq7KgEkGewwRFahHXry1iSMYeovEVtm5hQ6PpAGxRq8GItJm9PfjDWDV-2BX6f5ildfYT6g9vNoOTU3izwj-2FXFTcaKyORgLxHQghDhuOp72tJV3pXGL-2BmVeFfDvV5wddKVJael-2FQ2UssSVQUOF-2F-2FY90WSLy-2FFywrkcToTEEOLRli4kJKLyVWpINVKTC20E88DS-2FU0QPBe3k-2B8ZzhG6EG2BoR5Or9T3g-2Bt9MizyHefGgohWd0btuLQqkFbklIDWUYu5tKKDwKhUW0uQWpm1wC57GM4AhhSD4UlANq6zH22B57thxXn5PeWnq5mnQ1OfW5eM8xvQ8m9rveB6f1ZbXanx37mowOwla4ZBbGnieyONTSj0xgH0TJotzBN7TPi4v7gFwgvDZ-2FW1ZDxOqCIlSFuSBJVDrwwlwt-2F38apESg3075MTv05me1l5SM132a-2FFEpS6OhSzNBtfACTGgRHHZC1ZDX2cAORleMRU01-2BxhdgftltwW9ALsm2qaNQgl8835a0-2Bm2hK9JJCsVp1n2uwHeFWfHHJOxpckzXi-2B1kTHJuDPw0krVQNkIBFd3lHtdfLiCSLi4uwo07JDA-2BtPBAEGv | 0% | Avira URL Cloud | safe |

Dropped Files

Source | Detection | Scanner | Label | Link
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7016_214572248\Google.Widevine.CDM.dll | 0% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 172.217.16.206 | true | false | | high
www.google.com | 142.250.181.228 | true | false | | high
u48333601.ct.sendgrid.net | 167.89.123.60 | true | false | | unknown
login.rlxos.org | unknown | unknown | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
142.250.181.227 | unknown | United States | 15169 | GOOGLEUS | false
64.233.167.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.206 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
167.89.123.60 | u48333601.ct.sendgrid.net | United States | 11377 | SENDGRIDUS | false
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.18.110 | unknown | United States | 15169 | GOOGLEUS | false
          IP
          192.168.2.16
          Joe Sandbox version:42.0.0 Malachite
          Analysis ID:1605886
          Start date and time:2025-02-03 21:17:52 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Sample URL:https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdumzvQrsyHU0k-2B-2BGLe3TC-2BbVHjnZFQGMLp7DLxJhMmDL3O3XogP7AxrLzJvuwSanUwY4NT7qE8I6hOZjFgPsrS4aZ-2Bkoc1aCnMaBjyoslVKnQ0H6M7gQQyis3ow4ZvlBfcCO8cc8uU-2Facdw2I-2Bvx-2B2QYXZbp9uQL9LHhEm88uSEeLCWIiwiyf3zPClcSuv-2F1RylbD6sw51T69fQK2-2BcXspZvbqWBH41JiEyCUfEFw-2FzpewK1rbw60d5SiJtpU9dxcOR4MtpT7euFCRwftrN2u80LYpmiyPSxVyjxvqq7KgEkGewwRFahHXry1iSMYeovEVtm5hQ6PpAGxRq8GItJm9PfjDWDV-2BX6f5ildfYT6g9vNoOTU3izwj-2FXFTcaKyORgLxHQghDhuOp72tJV3pXGL-2BmVeFfDvV5wddKVJael-2FQ2UssSVQUOF-2F-2FY90WSLy-2FFywrkcToTEEOLRli4kJKLyVWpINVKTC20E88DS-2FU0QPBe3k-2B8ZzhG6EG2BoR5Or9T3g-2Bt9MizyHefGgohWd0btuLQqkFbklIDWUYu5tKKDwKhUW0uQWpm1wC57GM4AhhSD4UlANq6zH22B57thxXn5PeWnq5mnQ1OfW5eM8xvQ8m9rveB6f1ZbXanx37mowOwla4ZBbGnieyONTSj0xgH0TJotzBN7TPi4v7gFwgvDZ-2FW1ZDxOqCIlSFuSBJVDrwwlwt-2F38apESg3075MTv05me1l5SM132a-2FFEpS6OhSzNBtfACTGgRHHZC1ZDX2cAORleMRU01-2BxhdgftltwW9ALsm2qaNQgl8835a0-2Bm2hK9JJCsVp1n2uwHeFWfHHJOxpckzXi-2B1kTHJuDPw0krVQNkIBFd3lHtdfLiCSLi4uwo07JDA-2BtPBAEGv
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:14
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean3.win@25/22@20/102
          • Exclude process from analysis (whitelisted): svchost.exe
          • Excluded IPs from analysis (whitelisted): 142.250.181.227, 172.217.18.110, 64.233.167.84
          • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
          • VT rate limit hit for: https://u48333601.ct.sendgrid.net/ls/click?upn=u001.ReYpmFRCLp22wZk8bSOTsNKlcWOPLggEaAWaTPOdWtwL08QalLIGUtMOOAnTcpQOCsWm_2VohxSgp4VhFEPEaFYUtLfma3aHe4kSKv8w-2B9jUdzpfTohuHqnsJg6ASjRJSB0-2Bvy4HQ4FilYdumzvQrsyHU0k-2B-2BGLe3TC-2BbVHjnZFQGMLp7DLxJhMmDL3O3XogP7AxrLzJvuwSanUwY4NT7qE8I6hOZjFgPsrS4aZ-2Bkoc1aCnMaBjyoslVKnQ0H6M7gQQyis3ow4ZvlBfcCO8cc8uU-2Facdw2I-2Bvx-2B2QYXZbp9uQL9LHhEm88uSEeLCWIiwiyf3zPClcSuv-2F1RylbD6sw51T69fQK2-2BcXspZvbqWBH41JiEyCUfEFw-2FzpewK1rbw60d5SiJtpU9dxcOR4MtpT7euFCRwftrN2u80LYpmiyPSxVyjxvqq7KgEkGewwRFahHXry1iSMYeovEVtm5hQ6PpAGxRq8GItJm9PfjDWDV-2BX6f5ildfYT6g9vNoOTU3izwj-2FXFTcaKyORgLxHQghDhuOp72tJV3pXGL-2BmVeFfDvV5wddKVJael-2FQ2UssSVQUOF-2F-2FY90WSLy-2FFywrkcToTEEOLRli4kJKLyVWpINVKTC20E88DS-2FU0QPBe3k-2B8ZzhG6EG2BoR5Or9T3g-2Bt9MizyHefGgohWd0btuLQqkFbklIDWUYu5tKKDwKhUW0uQWpm1wC57GM4AhhSD4UlANq6zH22B57thxXn5PeWnq5mnQ1OfW5eM8xvQ8m9rveB6f1ZbXanx37mowOwla4ZBbGnieyONTSj0xgH0TJotzBN7TPi4v7gFwgvDZ-2FW1ZDxOqCIlSFuSBJVDrwwlwt-2F38apESg3075MTv05me1l5SM132a-2FFEpS6OhSzNBtfACTGgRH
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 3 19:18:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2673
          Entropy (8bit):3.9812355621466526
          Encrypted:false
          SSDEEP:
          MD5:D64ED0D9DBC2F839575E5888DF028A09
          SHA1:7EC9F273031FA674F6236AD97E9F7172EB773D51
          SHA-256:C3EE58C608A123579B630D6F1AB7D61FCFEB8F2B79921EDEF9920C33B84CCF73
          SHA-512:AE9FB4FC41E3DDE89A775E25B53CFD440FB7DBF9256EAD59372FAC85460A17D65FA364983174EAAB84A78451E794B54D7CF11FE8167F884E0BBF2A99345AF6F1
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....V"..xv..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICZC.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCZM.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCZM.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCZM............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCZN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Vn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 3 19:18:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):3.998892279108943
          Encrypted:false
          SSDEEP:
          MD5:35C390F29D0059F84887D0CF0A42CA50
          SHA1:8FE61F82FAEB30CBF13D3FCEAB2D60A081DF97F9
          SHA-256:5A968608F681DD94BAB7D8ED1CBC2C7F3493052C2FD953B3489673F571A5426B
          SHA-512:16146598F7CDC9D551E31597F9744EB0294E8430F4703DFDE42F203A9F7D7EBEDBB92A82C15B36EDDCAFB220A551F65EF6E3305B3A359DC4741FF44C134E8829
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.....&..xv..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICZC.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCZM.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCZM.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCZM............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCZN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Vn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 3 19:18:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.997270308239236
          Encrypted:false
          SSDEEP:
          MD5:D30A647A3B599184D18CF359848A3F09
          SHA1:8EF35D7AFB0A6BEB86DAF4EA6696846B749A5F6D
          SHA-256:10494131A6B6973EC597F2679FD6ADD81C6F8C7990C1722D3004318DDF0B0BE9
          SHA-512:C0F1F76E9D74071880013FABD20DE2A1B80528F0DA1CDD1F10CFF1CF06F96506836CF5EA35746099A03F2D4318E11FA5DE02D7EB0798019F7166D38E7692531B
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....N...xv..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICZC.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCZM.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCZM.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCZM............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCZN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Vn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 3 19:18:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.9856566662938393
          Encrypted:false
          SSDEEP:
          MD5:59B9BEDE7CBE9733BADAE109AA828482
          SHA1:8A990EC6AD275806BD152215C40863FA1742DCA8
          SHA-256:90A7D0450C3C75997775ED5262DFBA546F88E3F979C6B2EF008F9F5F261CBD03
          SHA-512:604CEC545F6E517871CD0CEDDB90F9AA2293009AC7AB785FDB06FE1823146D0404BD9CB4B8FE39C4708A0A9C7B03852742E4673E30258AE2F20C02F830B74D16
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,........xv..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICZC.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCZM.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCZM.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCZM............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCZN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Vn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 3 19:18:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.9961279373527843
          Encrypted:false
          SSDEEP:
          MD5:2C2D3F75555D323F560F1CD82DC7BE14
          SHA1:259E86E8CA977147E8196BA991B3FE8A7134D8D3
          SHA-256:F0694AB6C0309385DB0750B6F5E6460A99CC03FA248A9A5779D06F7A06E98D14
          SHA-512:3213EEF6BF40007380E938665267591FE63B6298D7F708FE7A7AC3C673C4A9EAC2D9B8A8E86B75E82507165C79F243ED57139D237332588D1BAA6286B29810AE
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.....1..xv..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICZC.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCZM.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCZM.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCZM............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCZN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Vn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1864
          Entropy (8bit):6.00682540004288
          Encrypted:false
          SSDEEP:
          MD5:28706AD42E4C615A683C2494BC0BD2AF
          SHA1:6B0465B3D5E85A3EA76C646BA8652C4DC0248DC0
          SHA-256:709BBB3E3A17E2B7BBF9F4AFDCF465312695342CE4EB203DF284233EACEE086F
          SHA-512:E95DA92F1AD5F56EF61A5992A1B465D46F36EFF1FC85643CC5AB3F357B6F14D81A5B5590D0E18D4DA5FCC3AC537A469FD0C15B116A3471536707A9716119FA5F
          Malicious:false
          Reputation:unknown
          Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"DjJ0cJJFQPGNShH6cqF0KMXYB9LDN7hZ0z-M2b0RfT3cl9Mxp62MiQM0bqevSkL0tNe9rHL_VWqPqY7PDdCoumMJ-TVwboLlLJq3c1H9NYQgQ-nQS4F3mFBvP0YJ-Kunf6byMQnF4FLGqtuRouNWZBUqyahkm__1_0-5qoAVqSms3wmBnmVhb1z4p-I6jEjko0pLBq4dad2vH7G6THiOPP15L1ozQ42gvfw5aLvn_Itjpwq7GaU9lNv
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6690
          Entropy (8bit):5.981211959058716
          Encrypted:false
          SSDEEP:
          MD5:BEF4F9F856321C6DCCB47A61F605E823
          SHA1:8E60AF5B17ED70DB0505D7E1647A8BC9F7612939
          SHA-256:FD1847DF25032C4EEF34E045BA0333F9BD3CB38C14344F1C01B48F61F0CFD5C5
          SHA-512:BDEC3E243A6F39BFEA4130C85B162EA00A4974C6057CD06A05348AC54517201BBF595FCC7C22A4AB2C16212C6009F58DF7445C40C82722AB4FA1C8D49D39755C
          Malicious:false
          Reputation:unknown
          Preview:{"https://issuer.captchafox.com":{"PrivateStateTokenV1VOPRF":{"batchsize":1,"id":1,"keys":{"0":{"Y":"AAAAAQQiyE+SESbq7GU5rTx6tZO4tBOxljp+Oya2mU28O+YoALIyXlLLqnl/h5h95ExYSsOlmMIb8EdsJBTrCaDl/KIZSskrfMbZpjhShG0jwnbXojEHI9WaAxKLkX/A/DkyMEg=","expiry":"1734807628115000"},"1":{"Y":"AAAAAQRNtld+5LLBquS4bEJKJwlLw61tzIyqTNkvMVnUTu+YiphbdGrRCjeDTN9D3p1Tgpfmq0N/OKMBYWzDMEN8Km9p9s49c6N2ph4B1MV1m7Ogdj969MOsTw54Kc849oqDl8s=","expiry":"1734807628115000"},"2":{"Y":"AAAAAQSBWW003A3ORFURCZrWNnbEIH15yzk184DaLSebbGzRdyCYtAM1qhhVmXZyBtWTzh6Bfkk5rLPyE1xdQilofPBizF/QJsdaMU0GYhPW1sOU4xoKbmgd/XrnOoFqA2ETOuc=","expiry":"1734807628115000"},"3":{"Y":"AAAAAQSG/ftGdm5B6iwAmVsHt6s43xx3nRf/Vpx9GdeEt3jSTM8hHvyLE9FAEkinGjt4Fp5EjnkCdE96Cxz10nZJRrMApIrGhG5kAoDu4T8PjJPiFQFyHAOdTG7OJWi2NS/rl1A=","expiry":"1734807628115000"},"4":{"Y":"AAAAAQT36tqe550UP5A+4Eokt8iuPZEuWQc9cGJXd7zUCZzrsqtGu3PMcVbOj5DjC4W+yoyF3HqKOqdtiBWgcMsZOcyln/6jUKqf5tS9AoIHa9CC3kQB8ISQd3lhR5j+qWVY8ms=","expiry":"1734807628115000"},"5":{"Y":"AAAAAQQMjaLNCR
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):66
          Entropy (8bit):4.005340674128682
          Encrypted:false
          SSDEEP:
          MD5:030D9E3F4502E24594ABCA380C073974
          SHA1:AE068D4F8C668477DD8F4BC2892F09D0802130E0
          SHA-256:FD86A9E808BCC78B926C111633615D9A807D60A20CE2BAC7360915336ABB738F
          SHA-512:F28A0311A80FE81965874AE5A46161A7658E149AA48E26B81C500339461B84F2EB53193AEF4E4C78AADB7191AC4518E81BBFB1672CE6077200CC6DF5FAC4054B
          Malicious:false
          Reputation:unknown
          Preview:1.1987650928271ad440c2b8a50f309139de82c742fb6f1f3ea055b35718ac46e7
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):79
          Entropy (8bit):4.442932812379182
          Encrypted:false
          SSDEEP:
          MD5:7F4B594A35D631AF0E37FEA02DF71E72
          SHA1:F7BC71621EA0C176CA1AB0A3C9FE52DBCA116F57
          SHA-256:530882D7F535AE57A4906CA735B119C9E36480CBB780C7E8AD37C9C8FDF3D9B1
          SHA-512:BF3F92F5023F0FBAD88526D919252A98DB6D167E9CA3E15B94F7D71DED38A2CFB0409F57EF24708284DDD965BDA2D3207CD99C008B1C9C8C93705FD66AC86360
          Malicious:false
          Reputation:unknown
          Preview:{. "manifest_version": 2,. "name": "trustToken",. "version": "2025.1.17.1".}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1796
          Entropy (8bit):6.013516832672966
          Encrypted:false
          SSDEEP:
          MD5:EB44AFFA442E881680A5E001492BF854
          SHA1:25E7695F09F294946288758A201B7ED3128B9F09
          SHA-256:A84A32BFEDE1FCD03425C7108D31F71E384B744D6AAD5A34ED7E0992176990BB
          SHA-512:DA196A7EC93C9302FFD62014BEE3BA0559515A5042EC47F812DF1114914D7556EF821487455F6386E13D8B948F3EDB92B209ACF72B3F8FA1FB6E12C0E9B19C96
          Malicious:false
          Reputation:unknown
          Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"J54-pntmLwSGnKO4zrk8jlgJ51AMnh3gUrYlFdI0EbqeWgUvN4-PdPUy4YlSo7ZJdllOLJ9JSfu9Ekf2DZfhNZOsqOBZQR2YY3t4kpNcF6eBkMn9IMqcmapVyJc1q3EIrOw4ECjRSjS0g7BB0CWWclh7FAZq2aLeHeuQemj7Yfb33OXhawuIsiz68n8y0bY_s2Eh9FzOeKDOyJdHAU43GJYjYzK3F8_Nt6UiysX7JsrHZYxiURSh9pXAgkhE5AJAvnI1frL49Rq3Qi-9tu9vVKw4czp9rmjZxNYBwHztmv3qDt_LRqzkCjcmpoD
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:data
          Category:dropped
          Size (bytes):7978194
          Entropy (8bit):6.56942491674059
          Encrypted:false
          SSDEEP:
          MD5:32F641A7EF737CF23936A032D1D7E371
          SHA1:F483672A90DA0598345D892482C805AB773D620C
          SHA-256:151E1CD4E7CD605D9F96FA2E60A6D9CE31C3A42E28E308AB1EC4434A7A6824CA
          SHA-512:D7C9FD7183DD19D5A56B3625ED07500578AD939867F33C9D3596D494C02BCE9F9C4DF340595FB2327CD7E5BCF0E78B0438F91D5E4D1319107C6012FA45E1F348
          Malicious:false
          Reputation:unknown
          Preview:......w.....a.....t.. ..h.g/..f.S@..y..H..gm.I..cm.Q..r7'g..n..o..l..v..e_....bC...d.....u.....mS....o1...p.6...s.....i9....z.....v.....k.....ja{...xa,...17....5.....4G....q.....2.7...9.....7.%...3.i...6}....8o......J...0.R...*671\.....\....[]........`...&.a....]b.....b.....e....... ef.....f.....h....... ;i.....i...$.k.../;t.........`.....u....rsula corber......}u.... to usdt..... meaning...+.lafur darri .lafsson movies and tv shows4...-.u....!v.....av.............. .... ........v.....v...(.v..... meaning.....1w.....w..... meaningz:....r eldon."..).x..... meaning....@Ex...#}x....sad.ra bjarkard.ttir barney....... .x...... ..... ..6`........ . ......].... meaning.S......R...... ............ meaning.....eviri.X. . .... ..........4..... meaning...... meaning.....5y..... meaning.p.... meaning.?.... .. .. ..<<.... meaning<<....... 2024P0
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):66
          Entropy (8bit):3.8559751366930737
          Encrypted:false
          SSDEEP:
          MD5:85E3F88F5559E5EC173AD09F5039B77E
          SHA1:53741A0E44F2A6FC75265EAC8D135047715771CD
          SHA-256:3EDBC320D6E82C9C4187B5A2C187C72B31A1C6724357E7ADA3E9A6B5FDD2D4F6
          SHA-512:C4E49C7BA3B4D982DF741FD7FEC1E6E9475A74DD103261647A26FB999F8B9901D1C6C2509F53D1F3599380AFFB4776A0D320AAED64CD65ED87693685B58DEBFD
          Malicious:false
          Reputation:unknown
          Preview:1.81d390647809b47f3150cd7e7d320669ccc048c6b01b0c1e1506c51740aabeb9
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):108
          Entropy (8bit):4.830002581336876
          Encrypted:false
          SSDEEP:
          MD5:A60AEB7351A04597B542BA569CFDD0FD
          SHA1:B5D931942C30E5F11F80AE850ABD25B4A63340D6
          SHA-256:A6E1F870D2B08CA7A859667F9A1BDEA92C63EDB709ED493C90BB3B329E38A48D
          SHA-512:C1EE9433D347918F4ECA9BFD98CA69456F7524F55D01A39A0BC887F84C61C3F408F99BA76999860BD26DE8DDE5443E8820F02C789D682923D2005A1CC00DE3A8
          Malicious:false
          Reputation:unknown
          Preview:{. "manifest_version": 2,. "name": "OnDeviceHeadSuggestENUS500000",. "version": "20250114.720352271.14".}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1558
          Entropy (8bit):5.11458514637545
          Encrypted:false
          SSDEEP:
          MD5:EE002CB9E51BB8DFA89640A406A1090A
          SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
          SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
          SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
          Malicious:false
          Reputation:unknown
          Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1864
          Entropy (8bit):6.018989605004616
          Encrypted:false
          SSDEEP:
          MD5:C4709C1D483C9233A3A66A7E157624EA
          SHA1:99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
          SHA-256:225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
          SHA-512:B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
          Malicious:false
          Reputation:unknown
          Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):66
          Entropy (8bit):3.820000180714897
          Encrypted:false
          SSDEEP:
          MD5:BBEC7670A2519FEB0627F17D0C0B5276
          SHA1:9C30B996F1B069F86EF7C0136DFAF7E614674DEA
          SHA-256:670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
          SHA-512:1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
          Malicious:false
          Reputation:unknown
          Preview:1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):85
          Entropy (8bit):4.462192586591686
          Encrypted:false
          SSDEEP:
          MD5:084E339C0C9FE898102815EAC9A7CDEA
          SHA1:6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
          SHA-256:52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
          SHA-512:0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
          Malicious:false
          Reputation:unknown
          Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):9817
          Entropy (8bit):4.629347296880043
          Encrypted:false
          SSDEEP:
          MD5:8C702C686B703020BC0290BAFC90D7A0
          SHA1:EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
          SHA-256:97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
          SHA-512:6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
          Malicious:false
          Reputation:unknown
          Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):2877728
          Entropy (8bit):6.868480682648069
          Encrypted:false
          SSDEEP:
          MD5:477C17B6448695110B4D227664AA3C48
          SHA1:949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
          SHA-256:CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
          SHA-512:1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....fd.........." ......(..........A&.......................................,.......,...`A.........................................V*......V*......`,......`+..p....+. )...p,......D*.8....................C*.(.....(.8...........p\*..............................text.....(.......(................. ..`.rdata..h.....(.......(.............@..@.data....l....*..&....*.............@....pdata...p...`+..r....*.............@..@.00cfg..(.....+......p+.............@..@.gxfg....$....+..&...r+.............@..@.retplnel.... ,.......+..................tls.........0,.......+.............@....voltbl.D....@,.......+................._RDATA.......P,.......+.............@..@.rsrc........`,.......+.............@..@.reloc.......p,.......+.............@..B........................................................................................................................................
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1778
          Entropy (8bit):6.02086725086136
          Encrypted:false
          SSDEEP:
          MD5:3E839BA4DA1FFCE29A543C5756A19BDF
          SHA1:D8D84AC06C3BA27CCEF221C6F188042B741D2B91
          SHA-256:43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
          SHA-512:19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
          Malicious:false
          Reputation:unknown
          Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJHb29nbGUuV2lkZXZpbmUuQ0RNLmRsbCIsInJvb3RfaGFzaCI6Im9ZZjVLQ2Z1ai1MYmdLYkQyWFdBS1E5Nkp1bTR1Q2dCZTRVeEpGSExSNWMifSx7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiYk01YTJOU1d2RkY1LW9Tdml2eFdqdXVwZ05pblVGakdPQXRrLTBJcGpDZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Im5laWZhb2luZGdnZmNqaWNmZmtncG1ubHBwZWZmYWJkIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjI3MzguMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"KTPeHzS0ybFaz3_br3ASYWHjb6Ctul92067u2JMwtNYYm-4KxLiSkJZNBIzhm6hNSEW2p5kUEvHD0TjhhFGCZnWm9titj2bqJayCOAGxZb5BO74JJCRfy5Kwr1KSS4nvocsZepnHBmCiG2OV3by-Lyf1h1uU3X3bDfD92O0vJzrA8rwL2LrwIk-BolLo5nlM0I_MZwg8DhZ8SFBu9GGRVB2XrailDrv4SgupFE9gqA1HY6kjRjoyoAHbRRxZdBNNt9IKNdxNyaF9NcNRY8dAedNQ9Tw3YNp5jB7R9lcjO4knn58RdH2h_GiJ4l96StcXA4e7cqbJ77P-c
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):66
          Entropy (8bit):3.974403644129192
          Encrypted:false
          SSDEEP:
          MD5:D30A5BBC00F7334EEDE0795D147B2E80
          SHA1:78F3A6995856854CAD0C524884F74E182F9C3C57
          SHA-256:A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
          SHA-512:DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
          Malicious:false
          Reputation:unknown
          Preview:1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):145
          Entropy (8bit):4.595307058143632
          Encrypted:false
          SSDEEP:
          MD5:BBC03E9C7C5944E62EFC9C660B7BD2B6
          SHA1:83F161E3F49B64553709994B048D9F597CDE3DC6
          SHA-256:6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
          SHA-512:FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
          Malicious:false
          Reputation:unknown
          Preview:{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}
          No static file info