Edit tour

Windows Analysis Report
https://www.nesting-software.com/downloads/

Overview

General Information

Sample URL:	https://www.nesting-software.com/downloads/
Analysis ID:	1544895
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected landing page (webpage, office document or email)

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2028,i,17760973288254348416,3101436154355620016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=2028,i,17760973288254348416,3101436154355620016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.nesting-software.com/downloads/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://www.nesting-software.com/downloads/	HTTP Parser: No favicon
Source: https://www.nesting-software.com/not_available.html	HTTP Parser: No favicon
Source: https://www.nirvanatec.com/gq_online_download_install.html	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.17:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.154:443 -> 192.168.2.17:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49775 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.nesting-software.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.nirvanatec.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.17:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.154:443 -> 192.168.2.17:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49775 version: TLS 1.2

Source: classification engine

Classification label: sus21.win@29/34@14/127

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2028,i,17760973288254348416,3101436154355620016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.nesting-software.com/downloads/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2028,i,17760973288254348416,3101436154355620016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=2028,i,17760973288254348416,3101436154355620016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=2028,i,17760973288254348416,3101436154355620016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://www.nesting-software.com/downloads/

LLM: Page contains button: 'DOWNLOAD' Source: '0.0.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 117	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 250750.crdownload	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\95aeaf08-7ff4-4d2e-8a53-286e89082a06.tmp	Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: Chrome Cache Entry: 117

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	13 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
nirvanatec.com	148.72.88.25	true	false	unknown
www.google.com	142.250.185.228	true	false	unknown
nesting-software.com	148.72.88.25	true	false	unknown
www.nirvanatec.com	unknown	unknown	false	unknown
www.nesting-software.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.nesting-software.com/downloads/	true	unknown
https://www.nesting-software.com/not_available.html	false	unknown
https://www.nirvanatec.com/gq_online_download_install.html	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
173.194.76.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
148.72.88.25	nirvanatec.com	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	false
142.250.186.106	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.7
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544895
Start date and time:	2024-10-29 20:10:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.nesting-software.com/downloads/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus21.win@29/34@14/127

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.238, 173.194.76.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.nesting-software.com/downloads/

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://www.nesting-software.com/downloads/
URL: https://www.nesting-software.com/downloads/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "DOWNLOAD", "prominent_button_name": "DOWNLOAD", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://www.nesting-software.com/downloads/ Model: claude-3-haiku-20240307	```json { "brands": [ "Nesting Software", "PLUS 2D", "PLUS 2D - Sheet Metal", "PLUS 2D - Wood", "PLUS 2D - Glass", "PLUS 2D - Light", "PLUS 2D - Glass Shop", "PLUS Cabinet" ] }

URL: https://www.nesting-software.com/not_available.html Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "This Download is not currently available. Please try again later.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://www.nesting-software.com/not_available.html
URL: https://www.nesting-software.com/not_available.html Model: claude-3-haiku-20240307	```json { "brands": [ "Nirvana Technologies Private Limited" ] }

URL: https://www.nirvanatec.com/gq_online_download_install.html Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Download PLUS Glass Quote demo version.", "prominent_button_name": "Activate", "text_input_field_labels": [ "User Name", "Company", "E-mail", "Phone", "Fax" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://www.nirvanatec.com/gq_online_download_install.html
URL: https://www.nirvanatec.com/gq_online_download_install.html Model: claude-3-haiku-20240307	```json { "brands": [ "PLUS Glass Quote" ] }
	```json { "brands": [ "PLUS Glass Quote" ] }
URL: https://www.nirvanatec.com/gq_online_download_install.html Model: gpt-4o	```json{ "legit_domain": "plusglassquote.com", "classification": "unknown", "reasons": [ "The URL 'www.nirvanatec.com' does not match the expected domain for the brand 'PLUS Glass Quote'.", "The brand 'PLUS Glass Quote' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.", "The domain 'nirvanatec.com' does not appear to be associated with 'PLUS Glass Quote'.", "The presence of input fields such as 'User Name', 'Company', 'E-mail', 'Phone', and 'Fax' could be used for phishing if the site is not legitimate." ], "riskscore": 8}
URL: www.nirvanatec.com Brands: PLUS Glass Quote Input Fields: User Name, Company, E-mail, Phone, Fax

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 18:11:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.994760720930562
Encrypted:	false
SSDEEP:
MD5:	B05B83058280CCD93B071F02A7055B00
SHA1:	A8DE60B547597A9501D13EEF1647008AD410D0D0
SHA-256:	EB9F9744808BE5A729B744DA9279BE250FEF78F8C287E210CE7A00FD586B57B6
SHA-512:	FE35DBE6C9FEA211346FF9255CCF3C52B42FD984E3C09AD776641F59ADEFAD4E3C82D53E8CDB1243CA14DEC042DBF128EEFBD5CAAA186C8017E86EBDEE15ACAA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......R6......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]Y[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Yf.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]Yf.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]Yf............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]Yh............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.<.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 18:11:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.008688990967809
Encrypted:	false
SSDEEP:
MD5:	1A58C9231CEC789F18B58ED760541337
SHA1:	8A8C1F7C3985247227CFB1C55B7123E3BD8D6941
SHA-256:	DBA00CBE8ACD09428A95C140CE9C6FA0D917E46B9AFE856C11F0CC92BCD07B4B
SHA-512:	98DD98127A9F23D43315306BC13E39CB6D28D3C3B7362D42401B3F2847B91ACEFD888164E11CF340CC991C46CF7B56D5BFBC2E3B5BD55982C40FADDE954DFA7B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....PH.R6......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]Y[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Yf.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]Yf.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]Yf............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]Yh............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.<.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.022009730630303
Encrypted:	false
SSDEEP:
MD5:	FF4C93110455A02432F465CF2737A9C2
SHA1:	86A818DC4C36CA7D7ED308B8CB2F3815B4DBF5F5
SHA-256:	66F55E466E1D9ADE6CBD56E84F78C2EFC1FD8CFDF584379D94D8935E2770680C
SHA-512:	FACF510974A4DD69CF8ED95039D8140BD0653C513496FE8A81AA2B78B3D7B325BF24DD8701EEE1177FF73FDC7242F9B3D4E32C6B961124235CB9B9C92AC330BE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]Y[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Yf.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]Yf.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]Yf............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.<.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 18:11:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.00874242559011
Encrypted:	false
SSDEEP:
MD5:	A620D95DC0E64D1FB6F35E0D3D156ABE
SHA1:	41C948A612593E1467A69CF11FF7E05016AA86D9
SHA-256:	3541518DD42AAE6AB5420C4BA797912EFDBF915EEFA4C93DA9C1AD41C9CA8F46
SHA-512:	DD12F6CFD2D98DD4151D3AA095F4F85BEEC58B66F079640D00CD8240C5B0B093898DF198DC0AA0E80213C5DC622A12403713FF018F389DA54C03ADE802ABA4BB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......R6......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]Y[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Yf.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]Yf.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]Yf............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]Yh............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.<.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 18:11:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9978143670479325
Encrypted:	false
SSDEEP:
MD5:	C9E4AAD7D4D063A0B071B52279B24961
SHA1:	1691C6357BE19262739C1021086F1F9D4C0DCD50
SHA-256:	7973ABD1A2D4254DDFA80B1F93ACF4BC6117C2015CC72F471738C610066FE029
SHA-512:	9A1E53B923BCDA19478229F2FA623507F607F5525DE400D66A979F9184F5238961D8855FDD65E1492C725123E1AABB72F0F444703C05774A771965D5A171996D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......R6......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]Y[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Yf.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]Yf.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]Yf............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]Yh............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.<.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 18:11:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.008183200150926
Encrypted:	false
SSDEEP:
MD5:	75665C3C455134285C445EBDF414DFA4
SHA1:	71E64C5BCF8F136290FEB90F76FE0D3B7550BDE4
SHA-256:	2DB13BC11005E1C0678AB2E89635FF352DF81AAF8DC0F84FB006E9AFA11A56C7
SHA-512:	05339220350B4F3EDA68AEFD3883BEEDF732C512D915DE7C882ACBFBFE4750D6131C0387F65E433EFA003604AD9CC9EA14FF7455DFDBB8D8452475800A756BCC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....S..R6......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]Y[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Yf.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]Yf.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]Yf............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]Yh............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.<.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\95aeaf08-7ff4-4d2e-8a53-286e89082a06.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7879
Entropy (8bit):	6.287307924501846
Encrypted:	false
SSDEEP:
MD5:	622637099A0C3E2DC61D72EDC00301D5
SHA1:	DA38B47F40A6F1A5983C7C4A792E88DFB2C714B9
SHA-256:	D0AFFB627F05FC33CF2F14F87FB0BC4E9C3A386D7ED7C71F15D6C7D95F8CD79E
SHA-512:	793D8271523AE8CDAC5B336464EFFD1D03E9CE6202CE3FAAC194A4CD99735F8E16C00D3A18B057D061C9560309A24D86630426A441C225DA2BB87F9D309D6B05
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....sP..........................................@..........................P...................@...........................p.......................................................................................r...............................text...d........................... ..`.itext..,........................... ..`.data...............................@....bss.....V...............................idata.......p......................@....tls.....................................rdata..............................@..@.rsrc...............................@..@.............P......................@..@........................................................................................................................................

C:\Users\user\Downloads\Unconfirmed 250750.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2079879
Entropy (8bit):	7.917331682764551
Encrypted:	false
SSDEEP:
MD5:	114787EEB437F5EE87B7637DC1E0020A
SHA1:	24564962AE9F91863107D8439653137A93BD8360
SHA-256:	DDFB844A6DC8068A431B121725DA8D303AD40A8885E5DB49D5377168D53BB8D9
SHA-512:	1785573117705F8E45E9168D2812F49659CEBBC53D9F6D7DA7D8D16CB005D6223BCF3366587DA20C881875017C71C8415CDE2EEAA27668F23D2678BE75E5E193
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....sP..........................................@..........................P...................@...........................p.......................................................................................r...............................text...d........................... ..`.itext..,........................... ..`.data...............................@....bss.....V...............................idata.......p......................@....tls.....................................rdata..............................@..@.rsrc...............................@..@.............P......................@..@........................................................................................................................................

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1455
Entropy (8bit):	4.9916392538496215
Encrypted:	false
SSDEEP:
MD5:	8A5590396DEAE985C90ACB08B1DD5318
SHA1:	7E8714F48DACC0571FC42A22A27A0FB84FFA17A8
SHA-256:	7E29AA24095C9C07B0315B90AED213D7F6D96D1EE64C73F3171DC102EEB5C0F1
SHA-512:	9F735927F3C5717BA38854210BCC6124FF65958319C0708302A3C0A0AF29EC79EC75227647ED377E68E66C59A00114219F0A833A92A37E144DFC3D911766E95E
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/support.css
Preview:	body ....{ background-color: #FFFFFF}..h1 { font-size: x-large; ..font-weight: bold; line-height: 100%; margin-top: 0; .. margin-bottom: 0;...text-align: center;...width: 1000px;..}..h2 { font-size: 14pt; font-style: italic }..h3 { font-size: 12pt; margin-top: 0; margin-bottom: 0 }...bkwood { background-image: url('images/bk-wood.jpg') }...bkqustn { font-size: 12pt; font-weight: bold }...bkanswr { font-size: 12pt }...bkstone { background-image: url('images/bk-stones.jpg') }...bkacp { background-image: url('images/bk-acp.jpg') }...bkothers { background-image: url('images/bk-others.jpg') }...bk2dcmn { background-image: url('images/bk-2dcmn.jpg') }...bkpaper { background-image: url('images/bk-paper.jpg') }...bkmetal { background-image: url('images/bk-metal.gif') }...bkglass { background-image: url('images/bk-glass.jpg') }...bkmachine { background-image: url('images/bk-machine.jpg') }...bkformwork

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
Category:	dropped
Size (bytes):	1078
Entropy (8bit):	2.0662011189393796
Encrypted:	false
SSDEEP:
MD5:	60B9B83FA0EC34A8ACA7FBADCE7B24AC
SHA1:	232DB8C9E2829B601B52E5A5404EB74902482621
SHA-256:	B7FA86EB4908C8A0D2782AFBFBD10362DD7EBF11C7039ED74ACED08C71C92161
SHA-512:	8C40CEE0253E2B3D731A2F0ADCDD83027EE387B6A44B5DC415475D10415192386429616432CC547D03F79983D98EA53B20CECD86B7D861084ACF0A175AC40D6D
Malicious:	false
Reputation:	unknown
Preview:	...... ..........&...........(.......(... ...@...............................................................................................DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDK.DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDD............DDDK............DDDK............DDDD............DDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDD..DDDDDDDDDDDDDDK.DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD................................................................................................................................(....... ...............................................................................................DDDDDDDDDDDDDDDDDDDKDDDDDDD..DDDDDD..DDDDDD..DDDDDD..DDDD......DK......DD......DDDD..DDDDDD..DDDDDD..DDDDDD..DDDDD

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CR line terminators
Category:	downloaded
Size (bytes):	1236
Entropy (8bit):	4.736658605728614
Encrypted:	false
SSDEEP:
MD5:	0E833983A040731C1744E90B2E16733C
SHA1:	65EB6CBE920E88812C5FFE7A5827565D7492F591
SHA-256:	560117B279C1AAC365DEF502D60DE13C256C53DDAE01F725CC74914E4B872BED
SHA-512:	D4FB8F38698863FC662A446F232561D9C1C911FD39848C9DA9246CCDDFD2A6FDE66490DED9F149094F8AA2A2BDEBA5C953643A7E58AB2B199D67D0B2261E46BD
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/downloads/mainpages.css
Preview:	body ....{ background-color: #FFFFFF}..headercell ...{ font-family: Georgia, "Times New Roman", Times, serif; font-size: 16pt; font-style: italic; line-height: normal; font-weight: bold; font-variant: normal; text-transform: none; color: #FFFFFF; text-decoration: none; background-color: #996699}.td,blockquote,p,ul,ol,li .{ font-family: Geneva, Arial, Helvetica, san-serif; font-size: 10pt; font-style: normal; line-height: normal; font-weight: normal; font-variant: normal; text-transform: none; color: #000000; text-decoration: none}.a ....{ font-family: Geneva, Arial, Helvetica, san-serif; font-size: 10pt; font-style: normal; line-height: normal; font-weight: bold; font-variant: normal; text-transform: none; color: #FF00FF; text-decoration: none}.a:hover ...{ font-family: Geneva, Arial, Helvetica, san-serif; font-size: 10pt; font-style: normal; line-height: normal; font-weight: bold; font-variant: normal; text-transform: none; color: #FF00FF; text-decoration: underline overline}.h1

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	4568
Entropy (8bit):	7.862408205183363
Encrypted:	false
SSDEEP:
MD5:	27F3320D86ED384AFD73D71C17D4DAD6
SHA1:	16A7B622DD6D9CE30EC86D4841CD2E0D4AE61D5B
SHA-256:	8FD4531CC2777D680F96B2CBB972BE5343A08183E14CA39EF5A1A41AB39D67ED
SHA-512:	3A30F79F8F06E3B2D326F7AA50E093D41E44C51E87D26C201E1623D6E5EDE2FA0D7F8298D9E28B7DFAB32D837BF7A8EBB6D4F92506EE568C1AED8B1293D53C33
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plusreels_60.jpg
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................<.<.."..........................................P............................!.1A..Qa...3:v....#%'6SUq......"$9BCEFVWbs........................................2.............................!..1A..Ca".#%2BQR..............?......g-gg....Mn.c.&..D.2..U.V.j.Z.c.....z..2.c.u.U^.MQ.uX..X.Q.4.U.u.4...v.....xL.....w5d..y....#..1..4.B.H..:..I...n..a.......?}..c...S..w............~E5..i.....M..N..i.].s/..x&...1.,..K..]...[...J...}$.6=....#.P..2.2%.l...Xy@..@4.b.".J........r..z_.[..9..(...1..6..!..;.M...@.!..Oy.Up.M....E.HeUYUL.M$. ..(..R..(...)@D@8a.!..U..,..>&J.o....+"."j...W .,..u...Y.c&.Wf.G...y.h..x.....\|...R.\.F).d.<.E...a......o9..<(M...(.8..`E.{.G.yV.\K.[h.\|:..&}..^&.S..a..Eu.....vA.#..W.y...).l.b.c.g...G....c#....$U.%P..)......J'0.3L...v.B....#.U.D....n.SM.=.....v.....n.'R.$..,...M.....i.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	1930
Entropy (8bit):	7.703886828079972
Encrypted:	false
SSDEEP:
MD5:	1493610AA484EEBD2DB1B79295869743
SHA1:	E93AEAEB645782B1A23821A75438DAC6813800EA
SHA-256:	81529528A2CF366C5F8D896E2BDB2E75FA6D909640B58BB6C59591A2F02E61B8
SHA-512:	051D707006CBCED094D3EB5D9BA16BF9DC60C5EA0264B8023D16F1AEA168D3B9B658F9C515860FC5117A60D1729A3C636983E468DC69F255EEF79C3E3B47EB2F
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`......Exif..II..............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......<.<.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..-\|J..R..h..$..4.m 0...b.#<.}..yq..u.p.....B.......1..#.I.M...q..k.]^.6.3\....K...A_F\|...<......K(.......y\C..(.}aSRm.b....\|.bE8(..A..Z.q..!..k..b.x.(.a.T`........z.IS..~[s$...&.D...+..a.f.....J.9.. ..9....~8.N.G..[..v....<.d..eJ......~b...}?....sj..MM-nT...#.......x.@...(...&1B.....Q.c5.................gF.m......v..k./....N...

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	2590
Entropy (8bit):	7.793345438354677
Encrypted:	false
SSDEEP:
MD5:	A49853C1C557EF05224A0AEFA5168F4F
SHA1:	D158EE08EDFF0E9C1D71A6FEAC6563F543B7ADAE
SHA-256:	352BE6FE0E09B1306D2FB4CD806B472572655EDE6F2B79FD4F048A4233A7B499
SHA-512:	698648A356CF784C239A7D7B5CA7D39F06624F1E529C7B9826F82C803275EE0DF50FE9733F5D14C7356B63E5307CEC3FDE1AFE5B9AE89081F49F4AC6454849BD
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`......Exif..II..............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......<.<.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....7W.C}......#..#. }.....Iub[.;J..4......5.kU.I....G..0..,.H.S~...0..Ip.\.2#..D..........R.....Mk...Gu!.Z....?w8.G..F#.....\.i7.D._2RV........1..#...........'.+y.-dMB.%V.F.]...d...sk.K.>..f..-..I..J..c..!..j..^;.9...o`..Mmq1q.F.s....L.'R.n~]ye...iu..{4q[..w.~...W...6...".T. .0.....U......k.^.._.......@.......W..._...(..]o...=.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	1785
Entropy (8bit):	7.685795757003837
Encrypted:	false
SSDEEP:
MD5:	AF3CB2C116087954D34E58C457F04211
SHA1:	B19236B7A8812CE56264B0876D15F8A619F9B2EB
SHA-256:	2997CA17DDC810B77B5AC4D7D7118DB34DE6B16719856B9CE8B55730F44412F0
SHA-512:	F2130EB600141538CA425F29709A2CFC8958BF21CCAF69F00B8475A6685E7DC03430B43199A177E8AD95E9F5931D3DADA12341203B1C9D531B91182B9D881AC7
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`......Exif..II..............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......<.<.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..,.N..].#G.?........9p...O...7...\|.b.q.w........<58Q...a&...?...Y....;...}..E..p..7.....fX.d.YD..-. g.+.....F.b.5&.V...IZ..&%S....&....U..D......6.q,.j...U'.5.W...<F...R.I..I8..>..n.3...:i...\..M.A.YH.*H...5.^..;...i.\..v.<.L..W.+...A..........C..'....Mp.jj.....A...mE...R.A.M......M......GR.go.q../.S....y....M\9.....8..ODT(..>m......

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	1649
Entropy (8bit):	7.602624617445978
Encrypted:	false
SSDEEP:
MD5:	B29214F18859DDD9C8FB50F8EAA34697
SHA1:	E70FD2F72C6D11CF0C979152A1E056865CBD9D03
SHA-256:	0C7BA765034616CF9AE7DE53D6E954CAC6AC287588991CD1771E30530E2A1FA0
SHA-512:	9A51FC938B7CA699C8E922CDF0A84AE4D07B45CF82713B4D315FA4FC376F6ED15CB66EC772DF7E307FF5DF12451BB753559023B45C7FA52C9882A8CB7B693AD1
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plusbend.jpg
Preview:	......JFIF.....H.H.....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......<.<..".........................................:...........................!..7."1Au.....2QUVat.....q.............................................................!1AQq...."#34...2a.............?...x..j'T..-.U...`r.c.......C(\...7...%...q#. .-....(U...4......2.@$.{.u(.Z..x.=........{..m...\.l.s.G.n[1M.ltQ1.D..h[..#q.j...b..f ......nh........=M..[.!..Z...H2.D.1..yg..2.......1.qm..z........g.._.....).c#v.f..h.J.....\i.V.p..(Q..I.RNcs5f.v..6.S]...{.p. L...E0).....u....b...OX.s...n......!..\.D.(./h...xa2.u\|$b..f.l..L..D.0i_.(U...4..Af,.B..w~).O...~J;..-\M.R..CH".*}..........!.{@0h.'br..i.A,...A%...q...g.1...h.x...MA..9H.$.f.^..]O.y.Xw,..xR.......s..nm....x.Z...j...@8T..I..s.G=.S-...I.[.;&.Z.....&.....j.`..f$6..".fO..w...S.d......;.....2.......\|DO....=<ink6w:SiKkm..f.F........RVw.T.9....e...H.g.f.<

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 173 x 37
Category:	downloaded
Size (bytes):	1646
Entropy (8bit):	5.198174318376244
Encrypted:	false
SSDEEP:
MD5:	9D984A4632EF62D3118FF1DD4C12669A
SHA1:	A1F51594251226BC5FCDA86ECFBA7EA94C55C81C
SHA-256:	074A613784549986A13C3DA1A96323CE4FFA127E3722312F78324DB608F16551
SHA-512:	F1E9CF110406CF2EF2A0E27B6D55BA295A6585F54CD891F6C929121DC1CC37E1655565B06B6BFEF7F4C93D1C26D0077596657553C33FEF3896DF576D6C590047
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/downloads/images/download.gif
Preview:	GIF89a..%....1.ck........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,......%...............\....#J.Hq.....`.... C..I....9j<...0c.\IP..8s..H...@..}....H...hT..PSB.J...X....W.M."..B..0.@.``....2@(......^L8.....$<.Q....n4..E....l..p.....t.Qo.".3t..-....7b.k

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	downloaded
Size (bytes):	1263879
Entropy (8bit):	7.940129577774531
Encrypted:	false
SSDEEP:
MD5:	2DD4086B4E9180C15C39136583F730B3
SHA1:	5BEB8CAAEB49018349E8D6BD07E4E1035FBA7FBD
SHA-256:	F830A49A765BF3F8F0B04AB74465D4AD5DBD2048CFD126F1653CC0F1B3FF25FA
SHA-512:	919A859E30EB10567CC34AA1F933AE13ED961333388894CD902AB6855815859CA9F76EDFCDE3DED83B1E67B4AB46403A9BB716E7D3684D5E91739AA249CA5A32
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/downloads/plus2d/setups/plus2d_dp_glass.exe
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....sP..........................................@..........................P...................@...........................p.......................................................................................r...............................text...d........................... ..`.itext..,........................... ..`.data...............................@....bss.....V...............................idata.......p......................@....tls.....................................rdata..............................@..@.rsrc...............................@..@.............P......................@..@........................................................................................................................................

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (492), with CRLF line terminators
Category:	downloaded
Size (bytes):	31520
Entropy (8bit):	5.190710267525338
Encrypted:	false
SSDEEP:
MD5:	642266B98336D8A00F5F615AB6FD6C34
SHA1:	D01E6D4557BAE367AAED3E822511A7A2E201D329
SHA-256:	F6C394F127334A226FFEB2A80E6812DDADC27EDEF98ED55AB7F34199B6B84442
SHA-512:	04B2D83D4D994F107585EF89150B87D1A94C5F5C02A77A773129772A5FBA632E57FAA80A2F4A7E3E1FD818C63F192377B48209A6240BD3653073BFBDF76F90E5
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/downloads/
Preview:	<html>..<head>..<title>Download - Nesting and Optimization software for sheet metallayout...</title>..<meta name="DESCRIPTION" content="nesting software and optimization solutions for sheetmetal, glass, woodworking industries.">..<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">..<meta http-equiv="Content-Language" content="en-us">..<meta name="KEYWORDS" content="nesting software,custom,software development,sheet metal cutting,sheet metal fabrication,sheet layout,sheet metal layout,glass cutting,sheet cutting,Cutting Glass,material optimization,optimization,services,Rectangular nesting,Panel cutting,software development India,nesting,cutting stock,free,download,Sheet optimization,Guillotine,shearing machines,CAD/CAM Products,Nirvana,Technologies">..<meta name="netinsert" content="0.0.1.3.2.2.1">....<link rel="stylesheet" href="mainpages.css" type="text/css">..<base target="_self">..</head>....<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">.

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	2274
Entropy (8bit):	7.734908657797484
Encrypted:	false
SSDEEP:
MD5:	C7EE6A7139F9240581A9EB718CD62338
SHA1:	BFB148EB67855A505F2F65A60CBD7F18EA247EA3
SHA-256:	A12E3425B7D46F802A5F14AF8C2FC5D0254E677ACB34EF5197434617045E2A16
SHA-512:	5A849E1FEC46B276D7E43864C6DAB93EE7AA50AFC1C557B99392B301A5D1A6E60B9CDA199C7D216F1A8DBBBEC31BD5783CFCD5308C0822389B1C85098E074452
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus_bomgen.jpg
Preview:	......JFIF.....`.`......Exif..II..............C....................................................................C.......................................................................<.<..".........................................8..........................!..1.A"Qq..2...3ar..#8BCR..................................+..........................!1AQ."aq.....2.............?..u..U......-.2.}w..[.[l.e.%..A -......g..$......\|..A..[M......>......~@.C..l6..=\.wC[.M.......eRT.p.<.>Z..uk.b..l%-%r..T...SHi..B.{.0+V.~..P.b.....)..A.......Qh.....!...j.H..W...U7....7 :.IeQ.Oj.p..m.:E.U.{.~.t.l.u..S..5...$w7.8..3g...Y.R^PL....?&......d...}/mk(.....l.>.Tb.%c.....3.u.... ...x.=.J...zev.t..UfVm...)O.a.A.J..p.>F.,..\...I.Y..,.%..0B.[W....(/Y..E..#...O<{f....)Rh+x....m.>..9_..<..X.@......<........j..1`o.B[w\|'L........P..S......=.....M..._.M<.LJ.h......U.{`k...K..u.i%..0k{$..!.......09.B...iq...h.Cr(.Q...._[.....-#.C).2v..l%....T....'.9%.x..+W.Ny.'.Dc~.....

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 60x59, components 3
Category:	downloaded
Size (bytes):	2528
Entropy (8bit):	7.777635866472982
Encrypted:	false
SSDEEP:
MD5:	212F9CD20DC3B7FC5E860E937D3A51D9
SHA1:	1DF2488B748E2A9B70D1A8687CD074EE62578ACF
SHA-256:	B804C24167B8877ABD87768532273BE8FB42BA97EE82D9D5556B4FA1B3FB32BD
SHA-512:	BEBCD8BA55752853AC8B6C8ED2C5D7508AC256D094059BA3ACDBE01EFD1AAE8531F9CD07BE1E0A8B5ED679AD7DF69F9C392AA7B6F3ABDA55BE4F7C1A750B06DE
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus-glassshop.jpg
Preview:	......JFIF.....`.`.....C....................................................................C.......................................................................;.<.."........................................B..............................!....14S..."8AGgv........&2a.EQcr.................................,.........................!..1."AQa#q..B...............?..k.._...&.-.7.....\|LL.0.T....\".T..QJ...J..-...[.....}`Z..N=X.E..@(!v.[r.;.'$..5.,...u.._E.G..M.]..z...+..sIt...P.%+B.u..Qq...0..e.X;..)c....Y.....fe...\.Q.S.ok.L..F..S.X..x.F[.Z...A...........in7?.sX.g7.......v..{\.....P........9...k..p9.e.P...j&....N..%A'..?Z.Gev..?z.e.`..;S.P....19h%<.."..s..M..eM....![@P#..L..ys..Y.9...c/.W...Y7.CB%.R..b!.....-..T....P....~..1Q.;U%-"T..V......................N=Xg4o.X.Pe..]b.1..0T.../1...P...F......IU.v...r..g....\oY...V;U..x../nf...X.O..q....U6]. ...:....._+?T.w.. .v~....f.t..).[...G.r.............~;..=`...:..+..z..D....s.h.......09...S.J.".......

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5208
Entropy (8bit):	4.93485574418168
Encrypted:	false
SSDEEP:
MD5:	BBB999BABE404650FD767A5AFE6DAA2F
SHA1:	006593AACD1436D0DA7E396436CC3D917A915517
SHA-256:	D4FC38E3AA5EDD84FFE02019F21BC7FDAE6D94618497B7E26C02856BB2C90003
SHA-512:	61238DB1D163F204BC955548C7428501712B6B275C8EEF9559726177184C79FA53D94CFD5BC4B2179C01689E00118BB4BC33E482BE740A581DD7C46734F09481
Malicious:	false
Reputation:	unknown
URL:	https://www.nirvanatec.com/gq_online_download_install.html
Preview:	<html>.<style type="text/css">. .style1. {. font-weight: bold;. text-align: left;. }. .style2. {. font-size: medium;. }. .style3. {. width: 406px;. text-align: center;. }. .style4. {. text-align: left;. }. #I1. {. }. .style5. {. font-size: small;. }.</style>..<head>.<title>PLUS Glass Quote : Quote Generation Software</title>.<meta name="DESCRIPTION" content="Quote Generation Software" />.<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />.<meta name="KEYWORDS" content="Quote, estimate, invoice" />.<link rel="stylesheet" href="mainpages.css" type="text/css" />.</head>..<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">..<div align="center">. <center>. <table border="0" width="96%">. <tr>. <td class="headercell" align="left" valign="middle" height="25"> . <h1 align="left"> PLUS Glass Quote - Download and Insallatio

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	1915
Entropy (8bit):	7.686976185358737
Encrypted:	false
SSDEEP:
MD5:	5F6056601ADD6BD79E4E2BF655E3CB64
SHA1:	140FEE7D5A59C2F7C93523BAC34C2E8F59171202
SHA-256:	B9597A4393A3218E2F12D2272735EC2956E17A8C1C57AC6E0BAA217A5AEAA2AE
SHA-512:	C10583ADB17BF678F712E5548FD462A6E1CDE1E97D8CD79D56A6F02F231A3C4C3EF3A6FC806CCB233B37031CCF54F0460C375298F36B87FBDE58A38AF9D82623
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....H.H.....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......<.<..".......................................=..........................!.1..A...."7QUVq..2au....R..Btv.................................,........................!1..Qq.Aa....."...............?..5.^t..+-....bY...J^Pw.QCb.#.]...Y%7o/.....1.<.j................)..+....&--..J.H......(............................u...qV.um.......PAI..m.....8K....._u#.!.cxx._u#.!.cxxV.))Sn.9...9i..RB..iI..G^....'r....'pi.L...q&....i."..".A....l%[s.Cq.6.{....\|........C..ja.)....JT.a{c..q..o6..9.i)#.8.:....~n..g.r....._M...3..=Pa.Z..#.O..V.....Jx.?s..H.TL...m...FBC......n;.g...l..Q......V-...G$....I.......N.@%J...Y..yiN.[.jI%...r....o..En<.....Q[..n..y.{N.=&9e/.o}1.1..:.Z.J..'.H...i..j.m.?t.a...{Qf...B.5.;F.8...V.P<.A'..fW3E}..Q.eO...H-........88H....:...^k ....laU.s.Z...6*.T%="\....i.6.(... \|..bl.......i..N..5.\|

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 100 x 37
Category:	downloaded
Size (bytes):	2575
Entropy (8bit):	7.590629057865006
Encrypted:	false
SSDEEP:
MD5:	4A8F0856E3CD7C1422B21078D338D68A
SHA1:	198A4101FBA3DD81C888096BAE003218ACF80019
SHA-256:	74AEDA27A511A04573DF08B756B7FB4ABCA90CEC71EFDD3DE9012A1C859CFAF0
SHA-512:	D0FD203AF7B87B8836D8A5AE3B688698D14A2D14FD6255376D0B0C58447ED309C0D588256872F7193AED7ACD3B71AA939E271E6DC07523B6B988F90508A7700A
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/downloads/images/compare-table.gif
Preview:	GIF89ad.%......l..d..........t.............\.....\|.........l.............\|......................\.........d..........................l............t...................d..l...................\.....\|.................................t......l....t..d.........t...........\..........l..........\|...............\........................\|................d..t.........................l....w\|-0........w.#.P.........`*.......ww...........w..............O.......w\|...........\|............p........w.\|.............tP.=..v.w...T........\|..1........\|....c..3......l..........#..6.....Z.............\|...........\|.......................\|.......B...Og..m..w\|.)./N.....Z.\|.l.........\|..X........wOm......w\|w!.......,....d.%......i.H......1Q......hp......".X...@.p..E(;\.\..K.4.\|.0.....>..p.F..@.j.:.%....%.cG'.8P]..hq...)b..UCW...:Q..@O....T.q..)..K...g.I....0..\|.."..R..L@.....x...W..A.. .....0...`...&.f q.$...v

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 509x336, components 3
Category:	dropped
Size (bytes):	34085
Entropy (8bit):	7.5714957304225425
Encrypted:	false
SSDEEP:
MD5:	AE13F48EC3FE8DAE036C0581AD75A21F
SHA1:	27523B9C9AE9DEC2137E3FC6A7FDF7CDD0D3E866
SHA-256:	125EBFF37AC393923EA7597C4108F532CDBC180B558A51660B5A3425844807B0
SHA-512:	1A3DF09261FA0CF5BC9E7B18B38CAAD8BD2C9A989BC065D20858E3362AB330355A46B4A5BC58150FE1EAD78D5AE782CEB61683F608FAF97E248CF3303D2B68A3
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C....................................................................C.......................................................................P...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?................,.0...FY...q.;...._..+..\|O.o.^..,v}.N.5.:...z,..).:.FV....pk.~......>.....+.b.....&..N?...O...t.o...6.i...Eq#..2.....T..I".9.#g1.....2....Ux.1.....wU.....:.u:k...s........M+\|......l........)4..9^..1./.~...1......;...f.t...Z\lv..K.Q.......y....'..m..'....\|#.g.....mu.>..ho3....@-Q..Z..O4h...4q.....!.....g....}S./..........iT.N..8.P.HU...J..z

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	2292
Entropy (8bit):	7.760256709750201
Encrypted:	false
SSDEEP:
MD5:	7D1E88BAAB5329FA83094E0BE1E6750C
SHA1:	226E6B51FFE0E198F04A762BBA7274CD8C4FB16E
SHA-256:	7DF92753B9246C28D4E35880DCBE15166699DC4967FE6D0DFA2F4F6AB5FC74F9
SHA-512:	02287C29D9A2DF8BCF925FA412C19A8D34602A0A847237886DAC5A3891378211781F08AB6B78DB98749EDE0EAA6493703FE2A22EBD021CBB913AD19384F5D64E
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus-labels.jpg
Preview:	......JFIF.............C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......<.<..".......................................=...........................!.1Au.."57v.....2BQUVW.....8..3a...............................9.......................!1..2A."Qaqr....45BR......#3bs..............?.....t...U.fU.4.e...T.-...vm.......IT.............#Yj.J.5.7<.2.H....$.g9yY..:.t.T.$.S.V..(..5!(.:.[HW/$)n...,.e<.M..j.\-27.3....X..}.?...\........U.x.;~....-6....V..(........p.......n..OIW..Jhc..:...Z.....ZJq...z.p...{#....]...;AZ......;.;S.)pe..\O#.7.4......H.%M.....p..J."7L.......?..\|?...\........?..'...}%...a.f...o...-.7"..R... R...w....n.\..I3ON....RT.....3n.r..R......^..._G.lb$`....1....()9.Im.j...Em=.'VF...]S.'p%%+'..7'j.N..w.w...g...#...m.b.V.wRp..?.@%I..5.7......4sT.....y.Z..IJ.l2.C.`.8...I*..F...3.....U.w.M........F.......A..Y.Up....t...<.JUKD.BV.\m8%O ..'....E.xv.....S...vF

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3
Category:	dropped
Size (bytes):	1931
Entropy (8bit):	7.707550096205114
Encrypted:	false
SSDEEP:
MD5:	F131148136105D56DC613551542F498F
SHA1:	6B094B2BFFAC7851F946871188563278D0417FA3
SHA-256:	CB9DD860AA75C724CC5C6C172B93DA41682081150B97C55025EEDFDE653C83FA
SHA-512:	8E0C93D2E3F229D3410151C4E0C6B5C19D7B6C775ABA407CCAB4C898F79E85A0F565BF173BCBAB7696948A5C77ADE75F19741CC083EC30188D001BAC9A61B49F
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`......Exif..II..............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......<.<.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..>%\|J.\|e...[]<Z.Nc..&e[...$..q%C.G...9';@.....c.q.A.i...!&M.......u...r+.G.............%z9.i`0T.A$....Ri.y;.+...?6..G.KE}....F7.j..t~Tm_...~...].Y^]i.iwcs5..y.5..7\...pFA#.....D........bs.2[..u.bL"...=T.. ....Nk....h.UfTeaW.{W..">,.....&J.U...^....H..?....I...(...}/...4...\|=.^x.\...2..-.#_.c..?.S^...?..U\|?7...\..!P.........O...A...g

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	1857
Entropy (8bit):	7.665692181159151
Encrypted:	false
SSDEEP:
MD5:	C955A0BA0912F55EB17C681D96A3E734
SHA1:	F9DEFC6A4308ABBCBC0FA0388873C8F394156E93
SHA-256:	C8AD71BE0EE6B1789049D577D7A52F2007B211391F9D653A6725A2EFAB9322B5
SHA-512:	8A607AAD4E2B09E627FA8DA4C3A08954D33DC814DD02931B22E2A75C7713279D8DC0BC50C34A511E5FB19D909976C318B6E9EAC89F5D99BE2D1297FCAAEEF556
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus1d.jpg
Preview:	......JFIF.....H.H.....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......<.<.."........................................:..........................!.1..AQ...."7UVau.#....BqS............................................................!1.AQ...a...2qr...............?..k.T.9.V[.;N.%T........G..U...P.JnT.5#.!.cyx..z.......'..8.....$......M?O.....1..s..R>b..7.......F4.H.$.q-6...&.b....h)....zk."8.,:...mc..K...>....V..O..m6.-.>jG.C....5#.!.cyx....H.u.......gO=...E...\...1.2R.(d.~.65.q.......ko.../x.!4.]....U...m..M..,..!W`#.......6R.......&....._C.v./.....w.l..q....T.Q'....,7.uC;..q..ZI.R....U[..v....v.7.{.b8..Wy..cs_vC:.....Z...i!)..u[.>....M 4l...P......\|.."\....J.G...(.a...NP..0t..NG"..i.9......q%..IU.l.^..x....y....Nnf.K.y.....nX....(....f..5.RUB.uh....`.m._...{5..#.>_..@J..H.U$.....s\I..:.~...-P.be...Y.H...b19..#....p..*>u....V.&.....T.M.Ooh..oUs.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1280 x 70
Category:	dropped
Size (bytes):	15635
Entropy (8bit):	7.851087410163215
Encrypted:	false
SSDEEP:
MD5:	6B89ADB18FF1725D28A44D40713A9E69
SHA1:	AEDD6DDD42291C34C93632441A4E12F68DDFCD7F
SHA-256:	8BC55D7E97FC2C0F2265C18E37B2F79CAAF7E4F8F435AE8AD077290F018A704C
SHA-512:	65947221FA16854E68EECDD1A69461812B3AEC16EFA40210EADAE42E55C4D0BF178CF26DE44B9E96F4BF9C7B2742DA76DA5E3EB0DDFC7E77AD17CEB4EE434F36
Malicious:	false
Reputation:	unknown
Preview:	GIF89a..F.................q.q.............f..3.......u..X..............z"z........K..B...~..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,......F........H......p (.C...HL8....H.0.../... #B.%M.L..I.)QfXP.B..5s..@...4w..ZaA....(].....J..u..X.^ ...K./..\.......bM...j.\...n.h.B......N.K`........w...#K.l....3k.....Cw.@....M{..9.k..

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (422), with CRLF line terminators
Category:	downloaded
Size (bytes):	2007
Entropy (8bit):	5.057721175648094
Encrypted:	false
SSDEEP:
MD5:	B490CC9E275442664B2133C50FE9F7AC
SHA1:	140053132B13C79BA2409F6B3570E6F2143C8781
SHA-256:	F3CA50F0E709CF24CEB092D03CEBEA92F794008DABE0C073DFAAD0A6FFD7D36E
SHA-512:	00A661DBD323A292913644F388C8FB2B2A572DA046C07A5EE3305BBE1014FB35A7B3D72221D887498BFDCB127B6BA28EE6B4562502E2CC18274BC1B7287D915A
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/not_available.html
Preview:	<html>..<head>..<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">..<meta http-equiv="Content-Language" content="en-us">..<meta name="DESCRIPTION" content="India based company providing rectangular nesting software for sheet metal layout, fabrication, glass, woodworking industries and offering custom software development services in CAD/CAM">..<meta name="KEYWORDS" content="nesting software,custom,software development,sheet metal cutting,sheet metal fabrication,sheet layout,sheet metal layout,glass cutting,sheet cutting,Cutting Glass,material optimization,optimization,services,Rectangular nesting,Panel cutting,software development India,nesting,cutting stock,free,download,Sheet optimization,Guillotine,shearing machines,CAD/CAM Products,Nirvana,Technologies">..<meta name="netinsert" content="0.0.1.3.2.2.1">..<title>Nirvana Technologies: Nesting software, optimization, CAD/CAM, and custom..software development services in India</title>..<link rel="stylesheet" href

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	2613
Entropy (8bit):	7.807384851486855
Encrypted:	false
SSDEEP:
MD5:	BB1E1F55C840A302F8D785749D5A77AC
SHA1:	F17A9AE9B7E5AC575F89D150AFECBCD71D7ED8EE
SHA-256:	88FF2328796EE613BBE6B2833EEC6FF59DDAA5A8EEEE629463FD92C3A06E06FA
SHA-512:	1C2FA6D4DEC6DFF873EC4E2A33B1C2FBD19852D87998790D7621635F4DDA5182054B46196B86682EDF5B16A1FA5522808D4F81A32A4E72729E282B64A0860DC3
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus-replicam.jpg
Preview:	......JFIF.............C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......<.<..".......................................>...........................!1."A..2.QUa....37Bqu.....#$RWr................................0.........................!1.AQ."2aq.R.....s...............?...7.u...6......W_..y$e..6...a.....\|.S.bA<...rK..e7......qz...~....,..twJ.H.d...J.....m..%.%):..&H..b.Za.<.\p.3..1...........K..Y1D.{.B.E.$....i.Y9.>..ZgX.%....tB.(..;....c...t.`.W..$i,o.......2.=...r....7.z.<=.P......On.....l..iHT..$sq.V.TW....BV.;.d.....j.g....m...[........P.#.....8Q.....)s_..y..b...Z.....n.W$..W..DQ...Z9...N..G.\|7.;s.i..[r.O.<......N.......9.....M.R]b..U...IfI....J\|.....c......z._h.;..x.]..LdWjyT..0...)..8..;.[.t'..G%.S...J.X..d1...A..8.^...;......1.V[m.6......B......JD.=.I...DI.G.WP......9c......f.@.{...:.z...<....K..7..e>...&.FY.W15.cl....R.7H..e..A...I.:n....n(.E..: ..>.x.K.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	1959
Entropy (8bit):	7.715789967236117
Encrypted:	false
SSDEEP:
MD5:	84FE76DC716A4D3C0838611D8FAB2F77
SHA1:	0118D365479F16A188219C529961F0B0EA45C6BC
SHA-256:	862B12833AAD4E3FA6E3E6DF7455A7504BB08E7AD9C05F5FC6B4B7F747D4A7EE
SHA-512:	A2E58169436C6EEBB75A6E1A7A19BBCA44C1570B760B9DD340D7B9814D263DE47400AF381A90589819BC8EBB96BC50E5E94A1F1B58824D4FF8146D07AC758508
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus2d-wd.jpg
Preview:	......JFIF.....`.`......Exif..II..............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......<.<.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...-.D.....r..>x.vq.9..f@.p222.2Ey....W......)+.0xzq..-.0...........u{..X.p...P......3......H.d.YD..-. g.+.....F....M..].:....h....:.Q.?.~U..C......6.Q,.j...U'.5...0..&.+..'n.DJ.Kk1......X.<l.....AR. .k.}...t{i...j.....A..T...`y.g..w.....k.6.N4....A..>.....Q]....<M..2.c...........3^..........9...)....N..tk..I.\h.wh.....?..$.....

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	1955
Entropy (8bit):	7.701609691791057
Encrypted:	false
SSDEEP:
MD5:	8D81A1211F14BD33BE8E4AED1ED84AFB
SHA1:	9F452398610A2C51EB09822E98E99A86716E011D
SHA-256:	5D4BCA00847791C58AC3A9BD7ED6ACA1BB4B174CA169FBA8E701E6F671F14FF4
SHA-512:	76C7A58C350772C96FA8B5CAA9FEA660266BA7E75C00775CA911AA7DA86DEE81F0B521D02A2DB56BFDEAC74F10BEC519D49F65774C990D4F50D9DA62867133FD
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus2d-mt.jpg
Preview:	......JFIF.....`.`......Exif..II..............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......<.<.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...-.D.....r..>x.vq.9..f@.p222.2Ey.......(.....B.......1v.#.I.6G..<...w7...5.O.b..>..U.....'.b."U.ie.8.......+.syF....M..iF...\|.cE81(#.".d...k...o.....m.X.Y..Q.2.O.k.....=.&.+..'n.Fr.[E.+Q..5H5-6_.^[.x.N.pG..O....dW.>....k......=/K.9I..H....1...g.#'.?(.{......S\Y...i)Ekr..v,......WE.}...x..L......#..%G.q.....v?.....j...N..tk..I.\h.wh.....

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 60x60, components 3
Category:	downloaded
Size (bytes):	4426
Entropy (8bit):	7.829254237889285
Encrypted:	false
SSDEEP:
MD5:	5F54383B92C3CA3DF1D611F2E95691DE
SHA1:	9C0A6B3FE3CB6CFC95E92C0FF4C34EC29D5464D9
SHA-256:	FEBC457F66D1F0DD083C93EC1F06E0828D3559E5AE1DDD76735BC29BC474B2F2
SHA-512:	97E1B383F5D8ABDD7B01B136E07978D2676D43EBAD14BC7A1D5B8D432D80C9E4BE3632E9F87719B2B6EF520AD036BC7817A1252CB452499C4D3E7592BFDE571D
Malicious:	false
Reputation:	unknown
URL:	https://www.nesting-software.com/logos/plus-cabinet.jpg
Preview:	......JFIF.....,.,.....C....................................................................C.......................................................................<.<.."..........................................7..........................!....1."AQ..#2a....$&bqr...............................................................!...".#.1.Bc............?.l..>.uW..^usW..R.yv.n.L...]1k4.%=..N..$e...O..LR.Y.2t.]..........EG.d.......H.........iQ..y.BGhFV..H.?r}..Rc.C.....9<p.0@?..=<m#J.8.N.b.xmA(...b....r.Y6.#..L.....LR.Yk.R.Z._.I..6.[W..1.....T....BQGdz...{3.A .61...!R..m...........,$..2...'.[.....wY.);..,......P#.7.&.y].-.e..[S..]A...Ct..u.Ru...U..$.....-q..q..) ..d.{......J..%Q.R...eA..nK:]3....c~.f......a.0....'...J....;yO.......8s7.....5..T..^.._.\.b.X...:5....g..\|....KH........yx.7o'..GX.v.<...P_.t..:=v.X....]..Dg[.Kz.:....).16$....&;..2.N................P.B..O. ...\|c..O?N.N.%......%.j4....C.ZB.AE\ ..k...B{.Q....o...C...Q...9 .c.....t....].L...z.K.q....(....b

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.nesting-software.com/downloads/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\95aeaf08-7ff4-4d2e-8a53-286e89082a06.tmp

C:\Users\user\Downloads\Unconfirmed 250750.crdownload

Chrome Cache Entry: 101

Chrome Cache Entry: 104

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 113

Chrome Cache Entry: 117

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 129

Chrome Cache Entry: 133

Chrome Cache Entry: 135

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 93

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://www.nesting-software.com/downloads/