Create Interactive Tour

Analysis Report http://retracker.spark-rostov.ru

Overview

General Information

Sample URL:	http://retracker.spark-rostov.ru
Analysis ID:	358377
Infos:
Most interesting Screenshot:
Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Joe Sandbox was unable to browse the URL (domain or webserver down or HTTPS issue), try to browse the URL again later

Startup

System is w10x64

chrome.exe (PID: 6780 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://retracker.spark-rostov.ru' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 7028 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,10925581537474560952,16808046691822587767,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

TCP traffic: 192.168.2.4:49732 -> 195.22.28.198:80

Source: unknown

DNS traffic detected: queries for: retracker.spark-rostov.ru

Source: Current Session.0.dr	String found in binary or memory: http://retracker.spark-rostov.ru/
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr, 5367fb07-9211-427f-a450-053ed65d8948.tmp.1.dr	String found in binary or memory: https://dns.google
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

Source: classification engine

Classification label: unknown0.win@15/28@2/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6037ACD2-1A7C.pma

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://retracker.spark-rostov.ru'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,10925581537474560952,16808046691822587767,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,10925581537474560952,16808046691822587767,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Non-Application Layer Protocol1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://retracker.spark-rostov.ru	4%	Virustotal		Browse
http://retracker.spark-rostov.ru	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
retracker.spark-rostov.ru	4%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
http://retracker.spark-rostov.ru/	4%	Virustotal		Browse
http://retracker.spark-rostov.ru/	0%	Avira URL Cloud	safe

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
retracker.spark-rostov.ru	195.22.28.198	true	false	4%, Virustotal, Browse	unknown
googlehosted.l.googleusercontent.com	142.250.184.65	true	false		high
clients2.googleusercontent.com	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dns.google	c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr, 5367fb07-9211-427f-a450-053ed65d8948.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://clients2.googleusercontent.com	c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp.1.dr	false		high
http://retracker.spark-rostov.ru/	Current Session.0.dr	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
195.22.28.198	unknown	Portugal		8426	CLARANET-ASClaraNETLTDGB	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	358377
Start date:	25.02.2021
Start time:	14:56:53
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://retracker.spark-rostov.ru
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@15/28@2/4
Cookbook Comments:	Adjust boot time Enable AMSI URL browsing timeout or error
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 131.253.33.200, 13.107.22.200, 51.11.168.160, 104.43.139.144, 168.61.161.212, 23.211.6.115, 104.43.193.48, 142.250.186.78, 142.250.180.109, 52.255.188.83, 216.58.205.78, 74.125.173.39, 142.250.180.163, 142.250.184.74, 142.250.184.106, 216.58.205.74, 142.250.180.74, 142.250.180.106, 142.250.180.138, 142.250.180.170, 216.58.208.170, 216.58.209.42, 142.250.184.42 Excluded domains from analysis (whitelisted): www.bing.com, arc.msn.com.nsatc.net, accounts.google.com, skypedataprdcolcus17.cloudapp.net, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, skypedataprdcolcus16.cloudapp.net, www.googleapis.com, arc.msn.com, r1.sn-4g5e6nlk.gvt1.com, skypedataprdcolcus15.cloudapp.net, dual-a-0001.dc-msedge.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus17.cloudapp.net, r1---sn-4g5e6nlk.gvt1.com, clients2.google.com, a-0001.a-afdentry.net.trafficmanager.net, redirector.gvt1.com, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com, clients.l.google.com
Errors:	URL not reachable

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\7a1e976f-2208-46db-9c3d-345f067ed372.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	165070
Entropy (8bit):	6.082011106663455
Encrypted:	false
SSDEEP:	3072:YhTc7JHn8wORviw6G0rtBw8vvg1mi81FcbXafIB0u1GOJmA3iuRFi:qTc7W/qw6GWw8vdaqfIlUOoSiuRA
MD5:	CB9E957F936089E69A4BB073F287DB90
SHA1:	0D2E70DBF446C548DEB3CC9EF8032CE7F54CEF1D
SHA-256:	4F675BE87F770788F50AABCEB4351EDD6E4A9669E5CBE7E439212C65A8F86DC3
SHA-512:	BA7F2E58BE795F5FBD5BC4376F5D19C268E928640152A016EE5A7A6E08B82EA44CC8A7CB5D775F362A8CB105ADEBBD61F99A8F2FC1A3C56806A6FE7A6EAC1BAF
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.614261462977431e+12,"network":1.614261465e+12,"ticks":303406769.0,"uncertainty":4539529.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715401452"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXwgs0oRL6twgs0oRL6twgs0oRLn:+taRL+taRL+taRLn
MD5:	E6C1693D9F0F6B6E878D098FBFD4C92A
SHA1:	D9D2708143B4A3BA5D14DFED59DCB6B88DF172D9
SHA-256:	E9DA6B8F6549D084D8740EB4C25755989B057EBF4F36B5E526F34DFFAB7500CF
SHA-512:	19B28BFE66708B294AB033C2F87D219E1C29D4F9363AC92E89B9406F6E2ACB13AD5DF73DD7E163D1ADEC0AF89C42DA112AE153EB23378EC29302F91192B7C5A9
Malicious:	false
Reputation:	low
Preview:	sdPC.....................UO..E.D.Q.o....sdPC.....................UO..E.D.Q.o....sdPC.....................UO..E.D.Q.o....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\01fde022-60b9-47a4-bbcd-2ae856f4cb56.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	5.570199936836376
Encrypted:	false
SSDEEP:	24:Ym6H0UhsSTG1KUeiXzkq/HeUe8zUeU7wUIbRUeiQ:Ym6UUhyKUeiYqPeUekUeCwUAUeP
MD5:	7FF709EEFCB6E260A3533F85C4EB7486
SHA1:	D211E0077381C1420145A8460C89184FD0BF71B9
SHA-256:	0B743191F69AD2BF1B1A9501FA1BE669D8C2D94FC4E8163C3AB0B125D55AB74F
SHA-512:	5C05D9AB7252544D33C90E9B7996BAB562DDA352060CC39E6DC538A8D5E651EF852E62929098BB50AAE02FEE304AC9B4D26B024050409D77A4ACE0A4D24A03BA
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1632986995.029294,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601450995.029298},{"expiry":1632986994.959502,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601450994.959505},{"expiry":1632987007.31909,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601451007.319093},{"expiry":1632987013.78633,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601451013.786337},{"expiry":1645797462.846401,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1614261462.846406},{"expiry":1632986995.164829,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_o

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2266c811-de13-407c-8057-c7705d4adf3f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4782
Entropy (8bit):	4.924103830381364
Encrypted:	false
SSDEEP:	48:YcqNkMklirjqAORqTlYGlQuoTw0parf4MqM8C1Nfct/9BhUJo3KhmeSnpNGzFeLD:nQkt4pIVri5k0JCKL8bbOTlVuHn
MD5:	8F8DA5D128436C1184A7928AF3EFFE0F
SHA1:	621E70B1EA8F4D98AE6DB3C0DF8E09A8E814F5DE
SHA-256:	1DC3D650E3FFDB2015B9A2DC52769192F3A601EF5FEA4AF2DF116A3CF603F16C
SHA-512:	44C1B09EC23B40EC5EDAC14B264AE7313FFEFB042788342305C7BD71044F24E76609A550E365879AA26BD034DDDACD2BC9997A5B9B3B178BC4A308B5C4EA1B70
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13258735059141329","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245924509391818","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"bookmark_bar":{"show_on_all_tabs":false},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","2042016"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2b7b8d77-a95d-4ab7-90b2-d49121ace0bd.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16763
Entropy (8bit):	5.577982667358384
Encrypted:	false
SSDEEP:	384:glEtkLlFBXt1kXqKf/pUZNCgVLH2HfDprUm8XP4G:KLlrt1kXqKf/pUZNCgVLH2Hf9rUm4P1
MD5:	1604F019C0B726F702556E9A10AC894D
SHA1:	96389CF322A2C6158B42F9CE75F65E5541EA7789
SHA-256:	14236131DF8731F6D6CEBA6D3ADDDD38F20F50DB1AF0C35E6CD143A9F9876BC5
SHA-512:	504097674A77C3FD2E8EC147D85B64BF1B7A322209723D8ADE597F534A5E6D20A3A2DC27084B38F4CF7AAE7320B87B453A434D91677ADB73A7A654ADCE0F64B3
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13258735058840068","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\562c90e2-0efb-44d8-9bee-78f1662b7c88.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	931
Entropy (8bit):	3.180281591171818
Encrypted:	false
SSDEEP:	12:3olydJhwDB9/7U6PlpxlpNVOrYlpyKdjAIlyxRKAfRedjAxr:34SAjtlrlJXlwIlyaw/
MD5:	5B075D47E8AFA591A803CFA8308F46D0
SHA1:	53EDDE178A22386AB979E8CD10C9E44AC943BD3F
SHA-256:	374C0D8617878BF41BFA1F268C6A6C3B74832A5BB3076A93FCACF5B62A68D232
SHA-512:	C5B5667D4A9255FB6C5B3B5843486DCE5ACA7E3F0A67146CE330672009D4DFE83C97A1FFCCAFC2A7F4ADBF4C9B8B8A3A5B11486DFD7A70D51CE1A088B3857891
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...620cafcb_7f02_47af_a175_09ee3e1fc47e.........................................................................................................5..0.......&...{730C75E3-B87A-4292-818B-DC8F984D08AE}........................................A..<...........!...http://retracker.spark-rostov.ru/.......................................................h.......`.......................................................Z.L.)...[.L.)...........................................J...!...h.t.t.p.:././.r.e.t.r.a.c.k.e.r...s.p.a.r.k.-.r.o.s.t.o.v...r.u./.......................................8.......0.......8....................................................................... .......................................................!...http://retracker.spark-rostov.ru/....... o.../.............................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	126
Entropy (8bit):	4.569580985472087
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC54:qT5z/t2qoEwhXeLKI
MD5:	F9672B4DD4FE52E26F179EAF35E69B22
SHA1:	DE3C80E35851DFAD51E1FD0F35E90EC5C223B739
SHA-256:	11F36B4E7449BA10E1E24571A5DE3A67918F8B971A2B2B43FFC549492C00DEC5
SHA-512:	898A55D8F35DA209FA85E9F94654CFA12859D411740394BBA1A909FA77109B0FB6F36D5E7B4AFA7F8CCBF6BE407E01421229E7EC241906A9ECCCAE852622609B
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.275543379435252
Encrypted:	false
SSDEEP:	6:mNI40eaq2Pwkn23iKKdK8aPrqIFUtpeI4sZmwPeI42ekwOwkn23iKKdK8amLJ:140eavYf5KkL3FUtpl4s/Pl4t5Jf5Kkc
MD5:	9E52B7C8C5FDCE403C314AA74D0E8C0A
SHA1:	E05F7E6E48C79979F57C6E1A3C9396EA9066E110
SHA-256:	7C90564A564B198DCBDC515B831F66236EEBC0D9BAD9305C23E8DF9D4207B584
SHA-512:	58501C28CBF5DCC09844DDF7664298F25C9EAE9A3A4A89B665B966CACE4F0B9EA47AAD90D1B2BA5535E30CA7163197B1223311F4E56119F2BCA9DC83066225E0
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:39.147 1b84 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/02/25-14:57:39.148 1b84 Recovering log #3.2021/02/25-14:57:39.149 1b84 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWW
MD5:	F23D2DF21A39AA8D814CADE6C37856C8
SHA1:	233E65707015A53F83A0D53DB03A4AF8FAB21EA6
SHA-256:	C5CE9AAF8FFDCB8A00463A7BF24001885E0A792F110C8DB74A1E2F4392CB0E31
SHA-512:	A7B50B8CAFBA80F6BACA44B260F8379852C4176F3DD57168812F3B4B811D2FF340F09F8CE625CC2ADECAB2851CC33725CB729548A3DA98B041387C7952077918
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.214315531684159
Encrypted:	false
SSDEEP:	6:mNI4wNwNAVq2Pwkn23iKKdK8NIFUtpeI4wfAgZmwPeI4wPsLAIkwOwkn23iKKdK2:14wNwSVvYf5KkpFUtpl4wog/Pl4wrI5w
MD5:	6CE42D819F6DEC24A2C0110AAF562439
SHA1:	EF40E7550F73037161CF51EF6B3D493C631F1A64
SHA-256:	AA34AB4E56DBFB34BF0903EE7E28DFA33D212325C954C8BFD1683B46908F60E7
SHA-512:	007DCD9074705272FC6A42D3ADD0E1BDD93AD6D27CCD4784C1ADC11A12FE3DE2DB4AAF73678D90506B06AB814A51EF5E0AF7D2586F49A383DBC4315B6745B462
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:42.354 1b44 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/02/25-14:57:42.355 1b44 Recovering log #3.2021/02/25-14:57:42.356 1b44 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.24668785590903
Encrypted:	false
SSDEEP:	6:mNI4zL+q2Pwkn23iKKdK8a2jMGIFUtpeI4KUvKWZmwPeI4A5LVkwOwkn23iKKdKw:14n+vYf5Kk8EFUtpl4KUvKW/Pl4oV5J0
MD5:	7E0EACC71B2B18B4CDB89BA18C4F0CFB
SHA1:	752AD783830BFAFB8AA9C5297C19FC1177D28F7A
SHA-256:	F9DB30B17019FBC0D7252997E9692BAE144390D3382E8C1774C8FB0D0273C0E7
SHA-512:	5338769D3DC3BB14F7AEC3640AB73BA9B65131EEEF226EB4DFE02A18A53FD0B33ADA0F5B36430A747A762C4EF3220692CFCCE73D22FF9A307C54F75A7FCB60B9
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:38.858 1b3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/02/25-14:57:38.863 1b3c Recovering log #3.2021/02/25-14:57:38.864 1b3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.276587163246607
Encrypted:	false
SSDEEP:	6:mNI4KXq2Pwkn23iKKdKgXz4rRIFUtpeI4KVZmwPeI4KHkwOwkn23iKKdKgXz4q8d:14KXvYf5KkgXiuFUtpl4KV/Pl4KH5JfR
MD5:	141FEB33ABD3CE830831AAAD1B1171E2
SHA1:	6F591AFCC7A7F6B4EF93E1E13594F066122365FB
SHA-256:	531EB35949E71F215DBA3BA53BEF4B351B43E61C056F9288BA3135E1FEBED749
SHA-512:	B2F7F9879330C4295BE892050DA701FDB19A0E48881DE91D7F6FF8B74B3C5F1329C8E2F973D5C49B486EB828BF19CE5FA34F4CBB9D08DF0E1695F4E84C341073
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:39.170 1b84 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/02/25-14:57:39.171 1b84 Recovering log #3.2021/02/25-14:57:39.171 1b84 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljljljljl:5ljljljljl
MD5:	181ED05FAE6D31CDBFC2680CB632F859
SHA1:	B6391180B7167969686A3986E06D975F4CE67FAD
SHA-256:	62150C5EA1D8CFDE4916440F9662C32F3DCC1207BBC5441536D121EC683607E4
SHA-512:	40D79847C0420FA9395511DAA271B735ABD60CB55983F23DBF9552E56AAE1D915058D6D236D37D433FA7B16567957DB2C515BDB61B9032003914FF34EFA26BB5
Malicious:	false
Reputation:	low
Preview:	..&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.200038758737455
Encrypted:	false
SSDEEP:	6:mNI4GAVq2Pwkn23iKKdKrQMxIFUtpeI4iAgZmwPeI4dAIkwOwkn23iKKdKrQMFLJ:14XVvYf5KkCFUtpl4jg/Pl4CI5Jf5Kkf
MD5:	ED5547A75A30664A7082F866F9D263F7
SHA1:	588083AF249DFABEC2A2B225011CD9501BB9133D
SHA-256:	88B1F68A061D3D86C82B6353E542FB810AE3A6D73607367B5CE63641BC5446A6
SHA-512:	AFD5C629D1515CC5860A4CD27E0DA57F3E326FE00CAE1418E0F6A2FAF8D914330594FC22B89D24A4728F9C96F68DA0F4397E3E8DED043936FE16790DBDFF4CC5
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:39.085 1b44 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/02/25-14:57:39.100 1b44 Recovering log #3.2021/02/25-14:57:39.101 1b44 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.191410808376061
Encrypted:	false
SSDEEP:	6:mNI4KQ+q2Pwkn23iKKdK7Uh2ghZIFUtpeI4xNgZmwPeI4hQVkwOwkn23iKKdK7UT:14KVvYf5KkIhHh2FUtpl4xNg/Pl4hI5y
MD5:	0793D292739601DC955964E563C0CBF6
SHA1:	87B89A04E9B487A9C6058B0350CB3B90DE835DF9
SHA-256:	02E5835177EE5D4B2859F02AD8CB80CA4A3AB5D14063DABF1A1DAD02D6AB21D9
SHA-512:	46109597DD8B36CB0F269614A912EE23754B8FDA0B2256AB64BC1EE45C7DD66C5B8EE8ACA8F02563AD05E62592FD2A74E210682B06EF05AD4319D42F626513C8
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:38.820 1b38 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/02/25-14:57:38.821 1b38 Recovering log #3.2021/02/25-14:57:38.823 1b38 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\5367fb07-9211-427f-a450-053ed65d8948.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.971623449303805
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5p7DHJShsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdHfHYhsBdLJlyH7E4f3K33y
MD5:	8CA9278965B437DFC789E755E4C61B82
SHA1:	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6
SHA-256:	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
SHA-512:	3065FE0743AD88E02F8C8FF6CF03B832B616DD08061EAE25A5106422228D45EB999EE2CBE4E9C96D5FFC108CB817766240E27BF97E3E5C2A58081D369E2968F8
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248516514667526","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.262290839104248
Encrypted:	false
SSDEEP:	12:14pVvYf5KkFFUtpl4Sg/Pl44iI5Jf5KkOJ:6p5Yf5KkfgoStzSJf5KkK
MD5:	3AD20A9056D27606EEA12A155171AD3A
SHA1:	1D5846425EC85679332B1A15EDFC326FC6141C14
SHA-256:	404454E7436488BC78F58594A73B706F9562EFCD261390C0A0D4CAE5268E52E9
SHA-512:	39BEE0D5F3DD22EC50AD72E7FECD83AB9C02F8B4CAFBE492E8562243F4B031FC36063F16D7A5F314F048CEF48F894D408D3C9D5A4EEABB4E1A3FDD84EA59A798
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:39.111 1b44 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/02/25-14:57:39.112 1b44 Recovering log #3.2021/02/25-14:57:39.113 1b44 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.317879420360436
Encrypted:	false
SSDEEP:	12:14KaRSVvYf5KkmiuFUtpl4KHg/Pl4KHI5Jf5Kkm2J:6Ka05Yf5KkSgoKHtKHSJf5Kkr
MD5:	36C75B09594D3D333FB4821725A541DF
SHA1:	47CBFAF32A4CCAFD6A603B789ACB30A766FB6133
SHA-256:	268F6E9FBFCD18CB6500013A1044DD7AB1838A5F9B95D4B27AAC836A069D16BD
SHA-512:	7C0E0FE177B0162E49FD2200A89932B74F2AF3F348466D875F684B85EF1700953B138566F30D1BD21E263D3CE2F1D4786CC9E51CC1976480897D1D07964B1322
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:39.174 1b44 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/02/25-14:57:39.176 1b44 Recovering log #3.2021/02/25-14:57:39.176 1b44 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.254404556939772
Encrypted:	false
SSDEEP:	12:14aCVvYf5KkMFUtpl4kg/Pl4tI5Jf5KkTJ:6aC5Yf5KkUgokttSJf5Kkl
MD5:	9BDAD365FA05D520BD431422E5ECF6B4
SHA1:	B00FBABEF06594B7C2D581EDD1E80FC39B11406F
SHA-256:	B6F2704316CDF1047FB5F85329C2030549878CF08AB8AC72ABAA7406195CAD62
SHA-512:	A2CE3E1BA78026B51A6DC9AF5EF11B57B9D4A8BEA9C9A31FF96F6C938ADDB328B70B4515B89569612806A7D07BE55815B341A6BB21D437A4761606D8C5492471
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:58:00.325 1b44 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/02/25-14:58:00.326 1b44 Recovering log #3.2021/02/25-14:58:00.327 1b44 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Reputation:	low
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.2878359968882895
Encrypted:	false
SSDEEP:	6:mNI4N+q2Pwkn23iKKdKpIFUtpeI4jyZmwPeI4JOtVkwOwkn23iKKdKa/WLJ:14IvYf5KkmFUtpl4jy/Pl4QT5Jf5KkaQ
MD5:	508DE09A84275FB0305B36A841AFAE85
SHA1:	A645C6FBB379D379A76FEE2959698FCD0F606DFF
SHA-256:	402D3C3FDC57BBEA5E735508C5B552B5ADF11BBDB2F02C4281149FA3A17F8022
SHA-512:	D81788FD7C7A84C5F56EE9D07D65AF103D3A6ABBB3F09A89C7BA797C516DBC743724573B6C57E1CAC33BC9F662D96E79D52910367F43E8E66784D22A3816084C
Malicious:	false
Reputation:	low
Preview:	2021/02/25-14:57:38.847 1b48 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/02/25-14:57:38.855 1b48 Recovering log #3.2021/02/25-14:57:38.857 1b48 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c87d79ac-0d2c-4f16-95fa-f0b46731c931.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3473
Entropy (8bit):	4.884843136744451
Encrypted:	false
SSDEEP:	96:6FGX0G70GhIGpyGzRDYLiEHYDBKGzUGaCGjHGESHG/OG6mhM:6Fe0i0sIIyGzRDYLiEHYDBKSUpCQHrSP
MD5:	494384A177157C36E9017D1FFB39F0BF
SHA1:	CE5D9754A70CD84CEE77C9180DB92C69715BE105
SHA-256:	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
SHA-512:	BFB80EEC0C0B5D9E487047703BE49826321A4D249422E0C81E978E6C8A310F41C7B4B8F849229BA87484FDF4831DD6A98FF994D0FDA5CE3D341CE615C15F2F1C
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607497410","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":27387},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607334226","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":34287},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607463627","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31787},"server":"https://fonts.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607318875","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":23359},"server":"https://apis.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.8150724101159437
Encrypted:	false
SSDEEP:	3:Yx7:4
MD5:	C422F72BA41F662A919ED0B70E5C3289
SHA1:	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256:	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512:	86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious:	false
Reputation:	low
Preview:	85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\f858f007-b9fe-47b0-93a7-b545b4c19620.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	165070
Entropy (8bit):	6.082011398638189
Encrypted:	false
SSDEEP:	3072:Yn1c7JHn8wORviw6G0rtBw8vvg1mi81FcbXafIB0u1GOJmA3iuRFi:E1c7W/qw6GWw8vdaqfIlUOoSiuRA
MD5:	A447103479FBC87CEA2F860255304CAC
SHA1:	2F0C4674E7896AD5CF242C53502721A30CDD8592
SHA-256:	3A38936D62EF4003293EADFBA981F2BBCB7D03788313E067E2C593A7C9DDFA1E
SHA-512:	FCEA65060624C680C193F164FA52EA563E39DF1A434B5DAC426ED2BF5392E0EABB02363781437E2291C6DA7B7A5B4FA80320D0154D0A70B37F493D138DB0E5DB
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.614261462977431e+12,"network":1.614261465e+12,"ticks":303406769.0,"uncertainty":4539529.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715401452"},"plugins":{"metadata":{"adobe-flash-player":{"d

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 49
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2021 14:57:43.011604071 CET	49732	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:43.012562990 CET	49733	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:43.201527119 CET	49735	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:46.012495041 CET	49732	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:46.070116043 CET	49733	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:46.270170927 CET	49735	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:52.019875050 CET	49732	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:52.070844889 CET	49733	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:57:52.270860910 CET	49735	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:04.335390091 CET	49767	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:04.335789919 CET	49768	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:04.588053942 CET	49769	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:07.336021900 CET	49767	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:07.336940050 CET	49768	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:07.588042021 CET	49769	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:13.372399092 CET	49767	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:13.504628897 CET	49768	80	192.168.2.4	195.22.28.198
Feb 25, 2021 14:58:13.672463894 CET	49769	80	192.168.2.4	195.22.28.198

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2021 14:57:30.055149078 CET	59123	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:30.106750011 CET	53	59123	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:30.306359053 CET	54531	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:30.357909918 CET	53	54531	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:30.788434982 CET	49714	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:30.839497089 CET	53	49714	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:31.736483097 CET	58028	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:31.785504103 CET	53	58028	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:32.104931116 CET	53097	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:32.164251089 CET	53	53097	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:32.678066015 CET	49257	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:32.727099895 CET	53	49257	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:33.663789034 CET	62389	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:33.717236042 CET	53	62389	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:34.881809950 CET	49910	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:34.933295965 CET	53	49910	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:38.391428947 CET	55854	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:38.443031073 CET	53	55854	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:42.183634043 CET	52991	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:42.240958929 CET	53	52991	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:42.950567007 CET	53700	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:42.950889111 CET	51726	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:42.955972910 CET	56794	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:43.000833035 CET	53	51726	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:43.006300926 CET	53	56794	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:43.024776936 CET	53	53700	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:43.253206015 CET	56534	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:43.304312944 CET	53	56534	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:43.520761013 CET	56627	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:43.569430113 CET	53	56627	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:43.712810993 CET	56621	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:43.777673960 CET	53	56621	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:44.843187094 CET	64078	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:44.908505917 CET	53	64078	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:46.221705914 CET	64801	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:46.282202005 CET	53	64801	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:47.214205027 CET	52337	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:47.265685081 CET	53	52337	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:48.228655100 CET	55046	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:48.285618067 CET	53	55046	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:49.525099993 CET	49612	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:49.573796988 CET	53	49612	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:50.933954000 CET	49285	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:50.983191967 CET	53	49285	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:56.940819979 CET	59172	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:56.989717960 CET	53	59172	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:57.928762913 CET	62420	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:57.980408907 CET	53	62420	8.8.8.8	192.168.2.4
Feb 25, 2021 14:57:58.717068911 CET	60579	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:57:58.765752077 CET	53	60579	8.8.8.8	192.168.2.4
Feb 25, 2021 14:58:01.031691074 CET	50183	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:58:01.080581903 CET	53	50183	8.8.8.8	192.168.2.4
Feb 25, 2021 14:58:02.006282091 CET	61531	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:58:02.057936907 CET	53	61531	8.8.8.8	192.168.2.4
Feb 25, 2021 14:58:02.954261065 CET	49228	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:58:03.002969980 CET	53	49228	8.8.8.8	192.168.2.4
Feb 25, 2021 14:58:04.968915939 CET	59794	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:58:05.020410061 CET	53	59794	8.8.8.8	192.168.2.4
Feb 25, 2021 14:58:10.542496920 CET	55916	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:58:10.612656116 CET	53	55916	8.8.8.8	192.168.2.4
Feb 25, 2021 14:58:12.228760958 CET	52752	53	192.168.2.4	8.8.8.8
Feb 25, 2021 14:58:12.296924114 CET	53	52752	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 25, 2021 14:57:42.955972910 CET	192.168.2.4	8.8.8.8	0xfa97	Standard query (0)	retracker.spark-rostov.ru	A (IP address)	IN (0x0001)
Feb 25, 2021 14:58:10.542496920 CET	192.168.2.4	8.8.8.8	0x9bf8	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 25, 2021 14:57:43.006300926 CET	8.8.8.8	192.168.2.4	0xfa97	No error (0)	retracker.spark-rostov.ru		195.22.28.198	A (IP address)	IN (0x0001)
Feb 25, 2021 14:58:10.612656116 CET	8.8.8.8	192.168.2.4	0x9bf8	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 14:58:10.612656116 CET	8.8.8.8	192.168.2.4	0x9bf8	No error (0)	googlehosted.l.googleusercontent.com		142.250.184.65	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

CPU Usage

• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• chrome.exe
• chrome.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 6780 Parent PID: 2932

Function Logs

General

Start time:	14:57:37
Start date:	25/02/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://retracker.spark-rostov.ru'
Imagebase:	0x7ff609c80000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Value Modified

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

System Information Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: chrome.exe PID: 7028 Parent PID: 6780

Function Logs

General

Start time:	14:57:39
Start date:	25/02/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,10925581537474560952,16808046691822587767,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8
Imagebase:	0x7ff609c80000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Section Activities

Sections loaded by Windows

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Windows UI Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://retracker.spark-rostov.ru

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: chrome.exe PID: 6780 Parent PID: 2932

General

File Activities

File Opened

File Created

File Written

Other File Operations

Volume Information Queried

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

Key Opened

Key Created

Key Deleted

Key Value Created

Key Value Modified