
Windows Analysis Report
https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c

Overview

General Information

Sample URL: https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c
Analysis ID: 1625256

Detection

Score: 0
Range: 0 - 100
Confidence: 80%

Signatures

Stores files to the Windows start menu directory

Classification

Classification tags (legend): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious
  • System is w10x64_ra
  • chrome.exe (PID: 6268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1916,i,13940361082418178326,4008841443330697532,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 72 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: chrome.exe | Memory has grown: Private usage: 1MB later: 29MB
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 217.20.57.18
Source: unknown | TCP traffic detected without corresponding DNS query: 217.20.57.18
Source: unknown | TCP traffic detected without corresponding DNS query: 217.20.57.18
Source: unknown | TCP traffic detected without corresponding DNS query: 217.20.57.18
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.0
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.0
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.0
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.0
Source: global traffic | HTTP traffic detected:
    GET /opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c HTTP/1.1
    Host: intsbcr.soccerscores.work
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: intsbcr.soccerscores.work
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /opensearch/entry/dd280e93-6546-485e-ac79-ea3137bdf249 HTTP/1.1
    Host: intsbcr.soccerscores.work
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: intsbcr.soccerscores.work
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 26 Feb 2025 21:43:25 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1740606205&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=9lzFF6VqJFhEUoztuQc0spWLyJ4RGrvYeR4cQy2tREc%3D"}]}
    Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1740606205&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=9lzFF6VqJFhEUoztuQc0spWLyJ4RGrvYeR4cQy2tREc%3D
    Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
    X-Powered-By: Express
    Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
    Content-Security-Policy: default-src 'none'
    X-Content-Type-Options: nosniff
    Vary: Accept-Encoding
    Via: 1.1 vegur
    Cache-Control: max-age=14400
    CF-Cache-Status: EXPIRED
    Server: cloudflare
    CF-RAY: 91831c4d8d308cda-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=5172&min_rtt=2148&rtt_var=2822&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=1237&delivery_rate=1359404&cwnd=227&unsent_bytes=0&cid=5fffefa3242fb2f8&ts=418&x=0"
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: classification engine | Classification label: clean0.win@17/6@4/102
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1916,i,13940361082418178326,4008841443330697532,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1916,i,13940361082418178326,4008841443330697532,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK matrix, listed by tactic (the number in parentheses is the count the report shows for that technique; techniques without a number had no match):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Extra Window Memory Injection (1); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Extra Window Memory Injection (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label
https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://intsbcr.soccerscores.work/favicon.ico | 0% | Avira URL Cloud | safe
https://intsbcr.soccerscores.work/opensearch/entry/dd280e93-6546-485e-ac79-ea3137bdf249 | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
intsbcr.soccerscores.work | 104.21.48.1 | true | false | | unknown
www.google.com | 142.250.181.228 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://intsbcr.soccerscores.work/favicon.ico | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://intsbcr.soccerscores.work/opensearch/entry/dd280e93-6546-485e-ac79-ea3137bdf249 | false | Avira URL Cloud: safe | unknown
https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.48.1 | intsbcr.soccerscores.work | United States | 13335 | CLOUDFLARENETUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
216.58.206.67 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.78 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.110 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false
66.102.1.84 | unknown | United States | 15169 | GOOGLEUS | false
Private IP: 192.168.2.16
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1625256
Start date and time: 2025-02-26 22:42:48 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@17/6@4/102
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.186.110, 66.102.1.84, 172.217.23.110, 142.250.74.206
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
          • VT rate limit hit for: https://intsbcr.soccerscores.work/opensearch/entry/a41f5eee-a7d5-46c6-8bda-195baa47512c

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 26 20:43:24 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2673
Entropy (8bit): 3.9872092937561248
Encrypted: false
SSDEEP:
MD5: F154B9FF71266A92B6030441307B8E30
SHA1: C4A46A8738DE8ED487CE1821A6CA9103B1F9AB09
SHA-256: A5FF090A795080616124256F26139D914014FC6BFEAFFFA6B19059D6169EDD48
SHA-512: D2E4AB9F506A418E2BD49D1E026107F99C216A439D3F0A6C4041DE1095DD69189BF324DEC7B3A53681A37DAB60C4D741693C77D2C8F843CA41109DDEDA6EA1FC
Malicious: false
Reputation: unknown
          Preview:L..................F.@.. ...$+.,.....r.v....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IZZ`.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZZk.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZZk.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZZk............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZZl............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........o!.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 26 20:43:23 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 4.004568008341626
Encrypted: false
SSDEEP:
MD5: 798F5ADE2373DB85CF859C775CF9F9B8
SHA1: 3F6E3D965C8A5D2F82302F7EA0B8F05F6DC7473F
SHA-256: F94669437B5C77130C208F05D880EFB56697D5784F8D354AE0F7AD71EE0A7654
SHA-512: 984A085079AB541DB828223E1A2C2FAF1895AD5AF4028ED413A89C1D171C023E9C610F011B46CE7120083A9C18A8D66A19246F3C15397E7BD558F929EF22604D
Malicious: false
Reputation: unknown
          Preview:L..................F.@.. ...$+.,.......v....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IZZ`.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZZk.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZZk.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZZk............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZZl............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........o!.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2689
Entropy (8bit): 4.010312452468542
Encrypted: false
SSDEEP:
MD5: 31741A9973D479DE0208AB8F3801D72C
SHA1: 164FF5359DED78F3B326140E4C5EE20BB4C01237
SHA-256: 6FA84F48576DD9E55405B182738297CFE67C2EAA83876C70C4073C7649FBFF4D
SHA-512: B5D7DEA265E8754CF4B5289920B3936F6434218B59266211B80336F704BD2DEF3111EF9DA707B5F3C492F6B0592A3DAE5ABC1FF1281BF7293513A6CAF3094136
Malicious: false
Reputation: unknown
          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IZZ`.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZZk.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZZk.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZZk............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........o!.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 26 20:43:23 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 4.002121410748239
Encrypted: false
SSDEEP:
MD5: 2EDDE118391FBD91731CD358D80519CF
SHA1: 5E8ACE1E6A4FB7FB29D812D86C1B73D09C8DC001
SHA-256: 402C32EB78E97B2C975A2AF199B9B429DD0E6F177E1C09829F6A12FF1D390122
SHA-512: BE52E4AEA94C6595424451DA95C57BA987C0DC550E6B1B95157D69DFA12CA2A172B96B564D6A64F8919E682613A4DFF2BC7FFEF7DBEDFD28C54CF18BE65F6B6E
Malicious: false
Reputation: unknown
          Preview:L..................F.@.. ...$+.,.......v....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IZZ`.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZZk.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZZk.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZZk............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZZl............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........o!.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 26 20:43:24 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.989669296641257
Encrypted: false
SSDEEP:
MD5: 1AA6330122F75617AC65E93A393A7D53
SHA1: 2FE0EC535CFCFE37B462647E0B69C261CABDFB52
SHA-256: 2E9C3ABFE374860A68AB7056ACFED95E6EE92DF1DF60891DADECC989D03FF9D2
SHA-512: 390B06519A73A1E725532F2E6596E34060AC32D8C0B90D072FECB970486C4D3D4416D0A8B5435D0A1C03FD87DC0975FA05BA2D924A846A7C3860A00625B7887F
Malicious: false
Reputation: unknown
          Preview:L..................F.@.. ...$+.,....R..v....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IZZ`.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZZk.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZZk.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZZk............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZZl............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........o!.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 26 20:43:23 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2679
Entropy (8bit): 3.9982955324475653
Encrypted: false
SSDEEP:
MD5: E3C8525A99FA59F0FE98F5BCF1D46ECD
SHA1: A7F79C136023D33484B050C78078AE2CCFDEA7FE
SHA-256: F2BA79931B567DEBC41D27D3CCE8099370894FF56282FAB8F0B9481B17310B32
SHA-512: 6AD5459FBE62B4AE07CA6EC3F49AE7B8002C1C7B1BB9F4DFF91D835056E7ED7BF75C077DA6786628D65EBB1AF4ED266B8330E531C0226CE709E7E22AE8B147E1
Malicious: false
Reputation: unknown
          Preview:L..................F.@.. ...$+.,......u....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IZZ`.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZZk.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZZk.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZZk............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZZl............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........o!.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          No static file info