Edit tour

Windows Analysis Report
http://i.ytimg.com

Overview

General Information

Sample URL:	http://i.ytimg.com
Analysis ID:	1528261

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,12991762715681519337,10758753145742440331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://i.ytimg.com" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: GET / HTTP/1.1Host: dravenstales.chConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: i.ytimg.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: i67.fastpic.ru
Source: global traffic	DNS traffic detected: DNS query: i67.fastpic.org
Source: global traffic	DNS traffic detected: DNS query: static.fastpic.org
Source: global traffic	DNS traffic detected: DNS query: dravenstales.ch
Source: global traffic	DNS traffic detected: DNS query: www.dravenstales.ch
Source: global traffic	DNS traffic detected: DNS query: en.dravenstales.ch
Source: global traffic	DNS traffic detected: DNS query: cdn.gtranslate.net
Source: global traffic	DNS traffic detected: DNS query: blogparade.ch
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: lh5.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: antidotelondon.com
Source: global traffic	DNS traffic detected: DNS query: res.cloudinary.com
Source: global traffic	DNS traffic detected: DNS query: www.big365win.com
Source: global traffic	DNS traffic detected: DNS query: is1-ssl.mzstatic.com
Source: global traffic	DNS traffic detected: DNS query: media.tenor.com

Source: unknown	Network traffic detected: HTTP traffic on port 60036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 60035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60200
Source: unknown	Network traffic detected: HTTP traffic on port 60128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 60162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60203
Source: unknown	Network traffic detected: HTTP traffic on port 60141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59987
Source: unknown	Network traffic detected: HTTP traffic on port 60229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59995
Source: unknown	Network traffic detected: HTTP traffic on port 60106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59990
Source: unknown	Network traffic detected: HTTP traffic on port 60003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59992
Source: unknown	Network traffic detected: HTTP traffic on port 59954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59991
Source: unknown	Network traffic detected: HTTP traffic on port 59977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59997
Source: unknown	Network traffic detected: HTTP traffic on port 60093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59999
Source: unknown	Network traffic detected: HTTP traffic on port 60153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60257
Source: unknown	Network traffic detected: HTTP traffic on port 59984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60133
Source: unknown	Network traffic detected: HTTP traffic on port 60263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60252
Source: unknown	Network traffic detected: HTTP traffic on port 60022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60250
Source: unknown	Network traffic detected: HTTP traffic on port 60125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60018
Source: unknown	Network traffic detected: HTTP traffic on port 60068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60139
Source: unknown	Network traffic detected: HTTP traffic on port 60211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60258
Source: unknown	Network traffic detected: HTTP traffic on port 60033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60150
Source: unknown	Network traffic detected: HTTP traffic on port 60245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 60136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60142
Source: unknown	Network traffic detected: HTTP traffic on port 60160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60262
Source: unknown	Network traffic detected: HTTP traffic on port 59938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60261
Source: unknown	Network traffic detected: HTTP traffic on port 59920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60269
Source: unknown	Network traffic detected: HTTP traffic on port 59995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60281
Source: unknown	Network traffic detected: HTTP traffic on port 60114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60279
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60152
Source: unknown	Network traffic detected: HTTP traffic on port 60182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60272
Source: unknown	Network traffic detected: HTTP traffic on port 59927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60159
Source: unknown	Network traffic detected: HTTP traffic on port 60010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60051
Source: unknown	Network traffic detected: HTTP traffic on port 60091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60170
Source: unknown	Network traffic detected: HTTP traffic on port 60222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60046
Source: unknown	Network traffic detected: HTTP traffic on port 60046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60045
Source: unknown	Network traffic detected: HTTP traffic on port 60264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60043
Source: unknown	Network traffic detected: HTTP traffic on port 60159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60283
Source: unknown	Network traffic detected: HTTP traffic on port 60233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60049
Source: unknown	Network traffic detected: HTTP traffic on port 59997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60210
Source: unknown	Network traffic detected: HTTP traffic on port 60184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60214
Source: unknown	Network traffic detected: HTTP traffic on port 60276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60221
Source: unknown	Network traffic detected: HTTP traffic on port 59962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60220
Source: unknown	Network traffic detected: HTTP traffic on port 60044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60104
Source: unknown	Network traffic detected: HTTP traffic on port 59918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60233
Source: unknown	Network traffic detected: HTTP traffic on port 60265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60110
Source: unknown	Network traffic detected: HTTP traffic on port 60127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60119
Source: unknown	Network traffic detected: HTTP traffic on port 60104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60237
Source: unknown	Network traffic detected: HTTP traffic on port 60089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60236
Source: unknown	Network traffic detected: HTTP traffic on port 59996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60245
Source: unknown	Network traffic detected: HTTP traffic on port 59985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60121
Source: unknown	Network traffic detected: HTTP traffic on port 60183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60240
Source: unknown	Network traffic detected: HTTP traffic on port 60067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60247
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60096
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60061
Source: unknown	Network traffic detected: HTTP traffic on port 60112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60055
Source: unknown	Network traffic detected: HTTP traffic on port 60158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60176
Source: unknown	Network traffic detected: HTTP traffic on port 60052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60054
Source: unknown	Network traffic detected: HTTP traffic on port 60135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60173
Source: unknown	Network traffic detected: HTTP traffic on port 60064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60191
Source: unknown	Network traffic detected: HTTP traffic on port 60075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60190
Source: unknown	Network traffic detected: HTTP traffic on port 59959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60189
Source: unknown	Network traffic detected: HTTP traffic on port 60262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60063
Source: unknown	Network traffic detected: HTTP traffic on port 60181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60184
Source: unknown	Network traffic detected: HTTP traffic on port 60101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60084
Source: unknown	Network traffic detected: HTTP traffic on port 60053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60081
Source: unknown	Network traffic detected: HTTP traffic on port 60246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60080
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60199
Source: unknown	Network traffic detected: HTTP traffic on port 59937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60197
Source: unknown	Network traffic detected: HTTP traffic on port 59982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60074
Source: unknown	Network traffic detected: HTTP traffic on port 59921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60095
Source: unknown	Network traffic detected: HTTP traffic on port 60113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60085
Source: unknown	Network traffic detected: HTTP traffic on port 60042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59948

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.17:59916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:59917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.189:443 -> 192.168.2.17:59918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:59920 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@37/203@60/183

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,12991762715681519337,10758753145742440331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://i.ytimg.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,12991762715681519337,10758753145742440331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
i67.fastpic.org	164.132.225.66	true	false	unknown
plus.l.google.com	142.250.181.238	true	false	unknown
antidotelondon.com	188.114.96.3	true	false	unknown
i.ytimg.com	216.58.212.150	true	false	unknown
cdn.gtranslate.net	104.26.13.42	true	false	unknown
www.big365win.com	172.67.150.132	true	false	unknown
dvin.tdn.gtranslate.net	51.77.198.96	true	false	unknown
static.fastpic.org	51.77.200.203	true	false	unknown
dravenstales.ch	136.243.155.219	true	false	unknown
play.google.com	172.217.16.142	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
i67.fastpic.ru	51.77.200.203	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.185.193	true	false	unknown
blogparade.ch	149.126.4.37	true	false	unknown
res.cloudinary.com	unknown	unknown	false	unknown
lh5.googleusercontent.com	unknown	unknown	false	unknown
is1-ssl.mzstatic.com	unknown	unknown	false	unknown
en.dravenstales.ch	unknown	unknown	false	unknown
media.tenor.com	unknown	unknown	false	unknown
www.dravenstales.ch	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.dravenstales.ch/	false	unknown
https://i.ytimg.com/	false	unknown
http://dravenstales.ch/	false	unknown
https://i67.fastpic.org/	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
136.243.155.219	dravenstales.ch	Germany	24940	HETZNER-ASDE	false
142.250.181.234	unknown	United States	15169	GOOGLEUS	false
142.250.185.106	unknown	United States	15169	GOOGLEUS	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
2.19.224.19	unknown	European Union	16625	AKAMAI-ASUS	false
142.250.181.238	plus.l.google.com	United States	15169	GOOGLEUS	false
104.26.13.42	cdn.gtranslate.net	United States	13335	CLOUDFLARENETUS	false
216.58.212.150	i.ytimg.com	United States	15169	GOOGLEUS	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
23.35.236.40	unknown	United States	6461	ZAYO-6461US	false
149.126.4.37	blogparade.ch	Switzerland	47302	CYONCH	false
172.217.16.142	play.google.com	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
172.67.150.132	www.big365win.com	United States	13335	CLOUDFLARENETUS	false
164.132.225.66	i67.fastpic.org	France	16276	OVHFR	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
142.250.185.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
104.26.12.42	unknown	United States	13335	CLOUDFLARENETUS	false
188.114.96.3	antidotelondon.com	European Union	13335	CLOUDFLARENETUS	false
104.17.202.1	unknown	United States	13335	CLOUDFLARENETUS	false
51.77.200.203	static.fastpic.org	France	16276	OVHFR	false
51.77.198.96	dvin.tdn.gtranslate.net	France	16276	OVHFR	false
142.250.186.86	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528261
Start date and time:	2024-10-07 17:57:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://i.ytimg.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@37/203@60/183

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.185.78, 74.125.133.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://i.ytimg.com

LLM Input / Output

Input	Output
URL: https://i67.fastpic.org/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"403 Forbidden nginx/1.18.0 (Ubuntu)", "has_visible_qrcode":false}

URL: https://www.dravenstales.ch/ Model: jbxai	{ "brand":["Draven"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"ICH WILL ALLEST GIB MIR ALLES", "text_input_field_labels":["DC - Hells Bells", "Santa Claws & The Naughty But Nice Orchestra"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Das Wort zum Sonntag aus der Gruft (via Tucker Mike)", "has_visible_qrcode":false}

Source: https://i.ytimg.com/	HTTP Parser: No favicon
Source: https://i67.fastpic.org/	HTTP Parser: No favicon

Source: https://www.dravenstales.ch/	HTTP Parser: No <meta name="author".. found
Source: https://www.dravenstales.ch/	HTTP Parser: No <meta name="author".. found

Source: https://www.dravenstales.ch/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.dravenstales.ch/	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:59914 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 14:58:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.987203439191665
Encrypted:	false
SSDEEP:
MD5:	9E8927A5180E53AA4C1F0443AAA89CF1
SHA1:	BAD124A4DBD91F703D889D502CB52E4E72070D30
SHA-256:	A30F71F5D675B01497CA42ABFEF375F926945F409D5F13F76A9C8A5D8878182B
SHA-512:	0101969A3CE31E9F3997802A33C9FCA8CA0AB84758436F78E1047D5F6FCA2B4A1EBC0CC223727253EEB11E929B8735CF996AA59CCEDDD239E96D40B9EA85A072
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....W..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IGYF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGYO.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VGYO.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VGYO............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGYP............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 1680x720, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	48450
Entropy (8bit):	7.992483346264493
Encrypted:	true
SSDEEP:
MD5:	100C9A5C7482B69069104DCDB71F69CD
SHA1:	CECA032485E79A0C6230B4B07B2F8EDC3DB58BE0
SHA-256:	D07A92CF1EE67943FB20D0FC345B8001BF784AF04991FF5C50401FF4F5C13115
SHA-512:	47080C8E4C789F4197B49542E1E5CDF170A43ACB165618E756890627F09E39D716F4024EF900D2B2D27F34CA76E0A2A48F1AEB1E29314D875F96ECF4D41EB6B1
Malicious:	false
Reputation:	unknown
URL:	"https://res.cloudinary.com/refind-inc/image/fetch/w_560,h_240,c_fill,q_auto,f_auto,d_refind:transparent.png,dpr_3.0/https://substackcdn.com/image/fetch/w_1200,h_600,c_fill,f_jpg,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F330c5286-31c7-4432-8fa5-86a17d596106_643x357.png"
Preview:	RIFF:...WEBPVP8 .............>a0.F.%).%..Y`..gn..m...0...........2.....l...l...B.\.~........v>K..f.u..l..g..s=./j.....,......z.....O>.............?..Y.@...U\k...~/-.m.....,M6};^.-....xt...Z...x....xTMo.:3.x.4b...is(.N..G..W.cM.Zu..M.]....K......p..\.p.\..eA.D@....R...cI.z.......$.dH...mg..#...#.&.iD..D.K.N..."u..;..E..c.....+Gj..P)F.V.C...HbRk{...\|>.`.%...t.....Vp..F........r...A.t.r.)....nA.Y.r..=...wta....(.p.[...Y...u..w..Y..+.R.#.....uy...t.;.'..C.R1...V...A.U..+.+.!........%...@Z. .i...[.>..'e..........cd.6p"0&....."f...'W%.a.0H}Q....D......Q.xR..r....j=..?...Po..D.u..z}....u..v.PF.....0.#GL/9...Vp...m...t$..v........uQv.L.....H{."MUE..L..$G.3..EJ.E...[B3..d.p..u....k+.8....@V.A..n..u....l.0f......c9.^H....\|.k.....fU...y8.1<..> ...p.H-VP.R....,....7.....+.*...4.U.........gZ.n.5.4...q.l.T?.K...........\|J.=..4......M..........X.e...H5.(...V..M..G].....vZ/..Y.a.&]...8I.I..^.).+......o....+w..zIf.O...i.lY.S9.HTI.?m....a)uc...!.&I...7

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1024
Entropy (8bit):	4.966832903786469
Encrypted:	false
SSDEEP:
MD5:	DFF29CBF5CD1038F746B6695FD28DE8C
SHA1:	1D3583684E71F675D055D30AB1B8EB23729856E0
SHA-256:	B25DBF79356C792C4ACC63517991B896705DA96CB55FA2F9CFC9C996238197EF
SHA-512:	D84DC667FD5C08A1DE1B21937802760B838BE51C29F35C1710FBB8A87A43B573A25FBAB49E22AA09657A2EAB3A7665CB6980502E293BC350305F582259A40AFA
Malicious:	false
Reputation:	unknown
URL:	https://www.dravenstales.ch/wp-content/plugins/fullscreen-background/public/css/fullscreen-background-public.css?ver=2.0.1
Preview:	/*.. All of the CSS for your public-facing functionality should be.. * included in this file... /.../ To make slideshow be background /....enweby-fullscreen-background .enwbfb-overlay{ position: fixed; top: 0; left: 0; content: ''; background-color: #000; opacity: 0.3; z-index: 2; height: 100%; width: 100%;}....enweby-fullscreen-video-background-wrapper video {...width: 100%; height: 100vh; top: 0;left: 0;...}....enweby-fullscreen-video-background-wrapper {.../ Telling our absolute positioned video to be relative to this element /...position: absolute;...height: 100vh;...width:100%;...z-index:-1;.../ Will not allow the video to overflow the container /...overflow: hidden;.../ Centering the container's content vertically and horizontally */...text-align: center;...display: flex;...align-items: center;...justify-content: center;...}......enweby-fullscreen-background-video #page,.enweby-fullscreen-background-video main,.enweby-fullscreen-background-video #site-content {posit

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2946)
Category:	downloaded
Size (bytes):	2981
Entropy (8bit):	5.174465669703351
Encrypted:	false
SSDEEP:
MD5:	492F2C1A7EA7EB83FE42E0FF7CB51AA2
SHA1:	DB36A77F6AAA2063BFBEC02C2C0E967438C5A245
SHA-256:	E174A58A503AB84B3D1B9DE12FD3895788204485170F1289E445F7B5B98EC789
SHA-512:	EEE6A1C268A519F4F281B2D76B5193BB068E94D1410372EF062587888589E139B20BB635E2331E97C857D7D835E9372F50822C5DAED29B139AB91FF5633C7A7F
Malicious:	false
Reputation:	unknown
URL:	https://www.dravenstales.ch/wp-includes/js/comment-reply.min.js?ver=6.6.2
Preview:	/! This file is auto-generated /.window.addComment=function(v){var I,C,h,E=v.document,b={commentReplyClass:"comment-reply-link",commentReplyTitleId:"reply-title",cancelReplyId:"cancel-comment-reply-link",commentFormId:"commentform",temporaryFormId:"wp-temp-form-div",parentIdFieldId:"comment_parent",postIdFieldId:"comment_post_ID"},e=v.MutationObserver\|\|v.WebKitMutationObserver\|\|v.MozMutationObserver,r="querySelector"in E&&"addEventListener"in v,n=!!E.documentElement.dataset;function t(){d(),e&&new e(o).observe(E.body,{childList:!0,subtree:!0})}function d(e){if(r&&(I=g(b.cancelReplyId),C=g(b.commentFormId),I)){I.addEventListener("touchstart",l),I.addEventListener("click",l);function t(e){if((e.metaKey\|\|e.ctrlKey)&&13===e.keyCode)return C.removeEventListener("keydown",t),e.preventDefault(),C.submit.click(),!1}C&&C.addEventListener("keydown",t);for(var n,d=function(e){var t=b.commentReplyClass;e&&e.childNodes\|\|(e=E);e=E.getElementsByClassName?e.getElementsByClassName(t):e.querySelectorA

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://i.ytimg.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 234

Chrome Cache Entry: 235

Chrome Cache Entry: 236

Chrome Cache Entry: 237

Chrome Cache Entry: 238

Chrome Cache Entry: 240

Chrome Cache Entry: 241

Chrome Cache Entry: 242

Chrome Cache Entry: 243

Chrome Cache Entry: 244

Chrome Cache Entry: 245

Chrome Cache Entry: 246

Chrome Cache Entry: 247

Chrome Cache Entry: 251

Chrome Cache Entry: 252

Chrome Cache Entry: 253

Chrome Cache Entry: 254

Chrome Cache Entry: 257

Chrome Cache Entry: 258

Chrome Cache Entry: 260

Chrome Cache Entry: 262

Chrome Cache Entry: 263

Chrome Cache Entry: 264

Chrome Cache Entry: 265

Chrome Cache Entry: 266

Chrome Cache Entry: 267

Chrome Cache Entry: 268

Chrome Cache Entry: 269

Chrome Cache Entry: 270

Chrome Cache Entry: 271

Chrome Cache Entry: 272

Chrome Cache Entry: 273

Windows Analysis Report
http://i.ytimg.com