Edit tour

Windows Analysis Report
http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc

Overview

General Information

Sample URL:	http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3N
Analysis ID:	1545674
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,870884608912058021,9007639421901599952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Source: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu	Sample URL: PII: eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu

Source: chrome://newtab/	HTTP Parser: No favicon
Source: chrome://newtab/	HTTP Parser: No favicon
Source: chrome://newtab/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55320 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55354
Source: unknown	Network traffic detected: HTTP traffic on port 55326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55357
Source: unknown	Network traffic detected: HTTP traffic on port 55327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55363
Source: unknown	Network traffic detected: HTTP traffic on port 55355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55360
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55327
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55328
Source: unknown	Network traffic detected: HTTP traffic on port 55357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55369
Source: unknown	Network traffic detected: HTTP traffic on port 55328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55339
Source: unknown	Network traffic detected: HTTP traffic on port 55356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55341
Source: unknown	Network traffic detected: HTTP traffic on port 55329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55343
Source: unknown	Network traffic detected: HTTP traffic on port 55325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\manifest.fingerprint

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_6316_565974922

Source: classification engine

Classification label: clean3.win@46/31@16/142

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,870884608912058021,9007639421901599952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,870884608912058021,9007639421901599952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	21 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\Google.Widevine.CDM.dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	172.217.18.14	true	false	unknown
plus.l.google.com	216.58.206.78	true	false	unknown
play.google.com	142.250.186.142	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
apis.google.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
chrome://newtab/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.170	unknown	United States	15169	GOOGLEUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
216.58.206.78	plus.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.142	play.google.com	United States	15169	GOOGLEUS	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
172.217.18.10	unknown	United States	15169	GOOGLEUS	false
142.250.186.74	unknown	United States	15169	GOOGLEUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false
66.102.1.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545674
Start date and time:	2024-10-30 20:13:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean3.win@46/31@16/142

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.186.142, 66.102.1.84
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ*steven.davis@tu.edu

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: http://https:
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: chrome://newtab

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.0136726378844765
Encrypted:	false
SSDEEP:
MD5:	1F78064C97A242D3DEA39D2075DEBF73
SHA1:	A76D0E434173D0F6C9D5EB00316EE624FB015935
SHA-256:	41C015763704DF57EE806B1AA30198BAAAD53416EE3C24233AE097B1DD698729
SHA-512:	960564ED19513D9211D40E07044649B37F0BCF4A76E7FFAF17E834764D432880B623B0238E7C977A707F37F8412C58B58AD791B25173FD5FB8E52CD519449EF0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I^Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V^Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V^Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........a?.9.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\Google.Widevine.CDM.dll

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2877728
Entropy (8bit):	6.868480682648069
Encrypted:	false
SSDEEP:
MD5:	477C17B6448695110B4D227664AA3C48
SHA1:	949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
SHA-256:	CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
SHA-512:	1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....fd.........." ......(..........A&.......................................,.......,...`A.........................................V......V......`,......`+..p....+. )...p,......D.8....................C.(.....(.8...........p\..............................text.....(.......(................. ..`.rdata..h.....(.......(.............@..@.data....l......&.................@....pdata...p...`+..r.................@..@.00cfg..(.....+......p+.............@..@.gxfg....$....+..&...r+.............@..@.retplnel.... ,.......+..................tls.........0,.......+.............@....voltbl.D....@,.......+................._RDATA.......P,.......+.............@..@.rsrc........`,.......+.............@..@.reloc.......p,.......+.............@..B........................................................................................................................................

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1778
Entropy (8bit):	6.02086725086136
Encrypted:	false
SSDEEP:
MD5:	3E839BA4DA1FFCE29A543C5756A19BDF
SHA1:	D8D84AC06C3BA27CCEF221C6F188042B741D2B91
SHA-256:	43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
SHA-512:	19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJHb29nbGUuV2lkZXZpbmUuQ0RNLmRsbCIsInJvb3RfaGFzaCI6Im9ZZjVLQ2Z1ai1MYmdLYkQyWFdBS1E5Nkp1bTR1Q2dCZTRVeEpGSExSNWMifSx7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiYk01YTJOU1d2RkY1LW9Tdml2eFdqdXVwZ05pblVGakdPQXRrLTBJcGpDZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Im5laWZhb2luZGdnZmNqaWNmZmtncG1ubHBwZWZmYWJkIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjI3MzguMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"KTPeHzS0ybFaz3_br3ASYWHjb6Ctul92067u2JMwtNYYm-4KxLiSkJZNBIzhm6hNSEW2p5kUEvHD0TjhhFGCZnWm9titj2bqJayCOAGxZb5BO74JJCRfy5Kwr1KSS4nvocsZepnHBmCiG2OV3by-Lyf1h1uU3X3bDfD92O0vJzrA8rwL2LrwIk-BolLo5nlM0I_MZwg8DhZ8SFBu9GGRVB2XrailDrv4SgupFE9gqA1HY6kjRjoyoAHbRRxZdBNNt9IKNdxNyaF9NcNRY8dAedNQ9Tw3YNp5jB7R9lcjO4knn58RdH2h_GiJ4l96StcXA4e7cqbJ77P-c

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.974403644129192
Encrypted:	false
SSDEEP:
MD5:	D30A5BBC00F7334EEDE0795D147B2E80
SHA1:	78F3A6995856854CAD0C524884F74E182F9C3C57
SHA-256:	A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
SHA-512:	DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
Malicious:	false
Reputation:	unknown
Preview:	1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.595307058143632
Encrypted:	false
SSDEEP:
MD5:	BBC03E9C7C5944E62EFC9C660B7BD2B6
SHA1:	83F161E3F49B64553709994B048D9F597CDE3DC6
SHA-256:	6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
SHA-512:	FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	unknown
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.021127689065198
Encrypted:	false
SSDEEP:
MD5:	68E6B5733E04AB7BF19699A84D8ABBC2
SHA1:	1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
SHA-256:	F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
SHA-512:	9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIyNXB3SWdtQWU2QTVoeDVVTG9OV0laODBLbzJjbktOTHpacUdjbjlLT2c4In0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiOWVza0FuRlBsM3VCQzkwUmFWakxNaVI3NXZIQi0wQUVmMmg0RzU3ZXNpcyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC44LjEwLjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9159446964030753
Encrypted:	false
SSDEEP:
MD5:	CFB54589424206D0AE6437B5673F498D
SHA1:	D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
SHA-256:	285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
SHA-512:	70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
Malicious:	false
Reputation:	unknown
Preview:	1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.4533115571544695
Encrypted:	false
SSDEEP:
MD5:	C3419069A1C30140B77045ABA38F12CF
SHA1:	11920F0C1E55CADC7D2893D1EEBB268B3459762A
SHA-256:	DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
SHA-512:	C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9748
Entropy (8bit):	4.629326694042306
Encrypted:	false
SSDEEP:
MD5:	EEA4913A6625BEB838B3E4E79999B627
SHA1:	1B4966850F1B117041407413B70BFA925FD83703
SHA-256:	20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
SHA-512:	31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
Malicious:	false
Reputation:	unknown
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.GZmhE2vV14w.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuKvZ-nsYNivRzfGpm8QSi6tMFrvg"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 432 x 200, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	28825
Entropy (8bit):	7.967865494486936
Encrypted:	false
SSDEEP:
MD5:	CED19501A9F990530DB90AE861935090
SHA1:	BA953C1351E75D80A1D893794BBE1D6A2B133635
SHA-256:	0B22620E424715205FE8F97CC8C045CF2A71BBCCFE4F11E7890629213D85EA4C
SHA-512:	406923D85FB1E1FCDA316D1311FFAD3D6C3C0296BF34C6FAE2104B4E521CD691417BBE8CC1416CFD224F7E2FE8A99FD29A25838CCB1511010C00899EC1C3F37D
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/logos/2024/halloween24/rc1/cta.png
Preview:	.PNG........IHDR...............D.....PLTEGpL.x..~....s%c..>...... .!:.1Y.Cb.Ke.Tk.Tp.]w.cR.<E.:).&.........{.hZ.JO.BbV.........{...2.+.......uD"i..........n......4.mE-..l...Q9.ac...@."wjG.C6..u.v..k.dE..\..g}=1..'...3..P..t..j.y..............[;.4.KnN......n.f..e...._."xF2.aI.kR.uX.X@.1+.&+.."\|/+..`...[A..&.I7.mI..W~.vzY2~;"x..).:.Q.Q6.2>."zN9........s..CPra8.\|Y..........2..eF.+.jpX..W.r<p?.\e=..h.....w.i.U-yiB.^I.....z.U.D.MgQ.C)..z._..D..<.sG.wP.I"gA.(L.5..~7.s%.M&m...W..w.7-.]4...E...K...e..........p.".[.^.S7..aQ....4el%Uv-^.M.qF.jB.wI.c?._<.^%Ng2`[.}.Z...[9..^..w.}.f.............!.q.Z......w.`.%......VB.....O.r.j.............(.ub...CN....ys.hf..\|.}...................N^.....;.v......,..0..Y..3..7..@..A..?..C..L.i{.^t..B.Wl..F..3..K..".........w..o..$..)..../`.....tRNS..1.....................A........}...........................................I....................................................................................................

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 22180, version 1.0
Category:	downloaded
Size (bytes):	22180
Entropy (8bit):	7.99033920580306
Encrypted:	true
SSDEEP:
MD5:	E905A9BE581B8C837C48020AF6C606A0
SHA1:	E00C1833F1C65B812094C149B314800350F54685
SHA-256:	58180E3CBA5A736E1875C690B3A756DABC7EE19960F4C66A692D42E5679C13D0
SHA-512:	BCAF31FAB00B69FC58AEF04EFC77C1E3786CD46E294B67AE862EB6E9D29FA4515E884BA6E105907D1E50593AD8220DDCDA428125CAE5118383A9BB6CEAE2549B
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/googlesans/v62/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
Preview:	wOF2......V...........VA..........................j...H....`?STATx..B.....H..!.....6.$..V. ..6..:...=....N.U.(..v..m...f..._~d.Qa...-....?#A...g.3.Y..@.....fv.....;..G[.N..9%1..Y.. ..{.EL..2`.>..>hS%..P.....W..../b.~.yy.Y.(l..3..jg...y....+..'=#n..(...h.r.....w.u"nfUs.....O._.;....?.....1.!.G@..!..CD...Zb...ql........M-m......@)...c.....\|...}.w..D...$.(...,.<...N}.$..6{..H.i.m..#...O<.........%.K(m..&..%..]......$u.)V...0c.S\6/...vb...........e..va.....o.e..].....?.c..Q....Z.......ar)W&.I.R.$...........,!.._O)..!u...;.U..4..>.3....3.....S`IPM.r.y..n....&.u..XMg.....D....j.\|P.n......HJ.......~..O\|..?(.......]R....ex.\|....Av.[.....\.$.=.Nm.")...1...H0O...P.d:....R...z.......Krz...9.&.4.+.Gn...h.($}R=.E......[...[.?...'."$..?....h...vW...~CH..!...^f#))..Da._x.../$..0....4.K5+Ya.hrm...?.;...F&.iO&....B.0vm..m._3.O..-..AF.d. \|.z..x.A.7.-.;..{......%.B#.;U(UU]Z../.....n^3..;.,.U-<._..[0.9)..E4..w.._x6.o.n.....B.!.lk../.7-.O..g.Z..""F...1FT...a.).<.

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3139)
Category:	downloaded
Size (bytes):	569046
Entropy (8bit):	5.782082413671813
Encrypted:	false
SSDEEP:
MD5:	79DA7A06B6DB5CC2A58A4D196F59DE60
SHA1:	962807E764F2E41791DE558B81EC9D064CEB64E3
SHA-256:	58BE44D9B9748972761FB3F520DA14AA25FD94126152B4299B94F35BCCE9FFC8
SHA-512:	5628E16D44B734922D5F44AFA883416953FB4E70E57E577D5D4C472331C1D122F57923953E68485794DFDE8D7E09197438B5FD95D3F5C2A56E7BAC1B4C56297F
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/logos/2024/halloween24/rc1/halloween24.js
Preview:	(function(){'use strict';var h,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");}var ca=ba(this);.function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}function ea(a){function b(d){return a.next(d)}function c(d){return a.throw(d)}return new Promise(function(d,e){function f(g){g.done?d(g.value):Promise.resolve(g.value).then(b,c).then(f,e)}f(a.next())})}function m(a){return ea(a())}da("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});.function fa(a,b){a instanceof String&&(a+="

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (1738)
Category:	dropped
Size (bytes):	1755
Entropy (8bit):	4.916094239043002
Encrypted:	false
SSDEEP:
MD5:	9F0491F182E1D28E160128A22B296365
SHA1:	A069B5B7CBB3CB118A204F06FD0497FE44B6244D
SHA-256:	F52668578567C0A6520D105A971984658745469EB7B407BB9A38276A29DB5460
SHA-512:	417CE0762AA706FDFE5CA42148F9E322BC4331EB08AC2507ACBCC0DB6B4A0A49A190F7FA3F1EF41A963AF64D35A9DB92DB08BE3356BC99C6D769307D4DFB20F4
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"altitude_1":"0 - 12 km","altitude_2":"12 - 50 km","altitude_3":"50 - 80 km","altitude_4":"80 - 700 km","altitude_5":"700 - 10,000 km","banner_draw":"Draw!","banner_ready":"Ready","banner_set":"Set","boss_1":"Giant golden-crowned flying fox","boss_2":"Polar stratospheric clouds","boss_3":"Red sprite","boss_4":"Constellations","boss_5":"The sun","btn_copy_link":"Copy link","btn_facebook":"Facebook","btn_home":"Home","btn_mute":"Mute","btn_pause":"Pause","btn_play_part_1":"Play part 1!","btn_play_part_2":"Play part 2!","btn_play_prev_game":"Play Previous Game","btn_replay":"Replay level","btn_search":"Search","btn_share":"Share","btn_skip":"Skip","btn_unmute":"Unmute","btn_x":"X","congrats":"Congrats!","game_over":"Game over","halloween":"Halloween","halloween_2024":"Halloween 2024","happy_halloween":"Happy Halloween!","layer_1":"Troposphere","layer_2":"Stratosphere","layer_3":"Mesosphere","layer_4":"Thermosphere","layer_5":"Exosphere","level_1":"Level 1","level_2":"Level 2","level

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2287)
Category:	downloaded
Size (bytes):	178061
Entropy (8bit):	5.555305495625512
Encrypted:	false
SSDEEP:
MD5:	2901E98725751AAF9E3A6DA8A0AE100F
SHA1:	9A03B9B58521464BEA5EFDB95898D7A4DE2D66C6
SHA-256:	783C8FCA9918286C64FDD9C6DF8BB841815E5F6BA7BA95424DF63EA1ACF01B2D
SHA-512:	21235956E9B45B0C78055C8862072DE63FB1971F6396945610AC925A3E9D2D9FFAEC996DF4A64B33BC57B0EF6CF185A68DAC17D9AD5E570277CDD2BB869C9EBD
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.mTUNAFoITms.2019.O/rt=j/m=q_d,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu-nsZOrMYTmX5E4o0SDpwg5MUFYA"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.kj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var lj,mj,oj,rj,uj,tj,nj,sj;lj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};mj=function(){_.Ka()};oj=function(){nj===void 0&&(nj=typeof WeakMap==="function"?lj(WeakMap):null);return nj};rj=function(a,b){(_.pj\|\|(_.pj=new nj)).set(a,b);(_.qj\|\|(_.qj=new nj)).set(b,a)};.uj=function(a){if(sj===void 0){const b=new tj([],{});sj=Array.prototype.concat.call([],b).length===1}sj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.vj=function(a,b,c,d){a=_.zb(a,b,c,d);return Array.isArray(a)?a:_.Qc};_.wj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.xj=function(a,b){a===0&&(a=_.wj(a,b));return a\|1};_.yj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.zj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.Dj=function(a,b,c,d,e,f,g){const h=a.ea;var k=!!(2&b);e=k?

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6413)
Category:	downloaded
Size (bytes):	6418
Entropy (8bit):	5.790158241068222
Encrypted:	false
SSDEEP:
MD5:	6AB2BF347E87A0556C55405D4442CF13
SHA1:	97B409F4A6F4AA6E7498EEB02CE3DFA05775770B
SHA-256:	E9A0799F3487C9A49BEB2AB052DFDE212A0D41B479F1F2172A4853D9DF50C44C
SHA-512:	F4457E91B7AAEE5034868B484920468344723AA0D50CE0F4B1A5C7F550E547152DA66766F49462BD379ABCFB4251D30646940A8623B070A1A3D8600E09E0645A
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["only murders in the building season 5","super micro computer stock","black ops 6","hawaii weather snow","blockbuster store bend oregon","college basketball","mega millions lottery numbers","veilguard dragon age"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXk0eWs3aGs1EgpWaWRlbyBnYW1lMvoGZGF0YTppbWFnZS9wbmc7YmFzZTY0LGlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFFQUFBQUF3Q0FNQUFBQ1dsWXd0QUFBQWsxQk1WRVgvLy84QUFBQzZ1cnFibTV2VTFOUyt2cjdSMGRHZ29LRHU3dTVhV2xyRXhNUmVYbDdZMk5oeWNuS2pvNk9LaW9wVVZGU3JxNnRIUjBmMjl2Yms1T1JNVEV4QlFVR3pzN01jSEJ5Q2dvSmpZMlA4MnN6ZTN0NXBhV2s4UER4OGZId3FLaW8xTlRVT0RnNFdGaGFUazVQNmkxSDZVd0Q1V3dEM2VDNys5Ky8vVFFENTA3cjZ5YTM3bVdmNnNJMzh6cnY3NU5heEVBOXFBQUFCc2tsRVFWUklpZTJUMlhxYk1CQkc1eGNJSkJCbVg4dGl1OFNKRXp2dCt6OWRCM0FYSExjMzdWMDVGM3pTakRpTVJvSm9ZMk5qNDU1VVNLRW9rMUpRS3h4U1FpNXhIc3loTmhXT0k2VTBQUFBFQThF

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2134)
Category:	dropped
Size (bytes):	13188
Entropy (8bit):	5.4223896155104025
Encrypted:	false
SSDEEP:
MD5:	7C96A5F11D9741541D5E3C42FF6380D7
SHA1:	D3FA2564C021CF730E58FFDDB138CF6B57ED126E
SHA-256:	81016AC6BE850B72DF5D4FAA0C3CEC8E2C1B0BA0045712144A6766ADFAD40BEE
SHA-512:	23C162A2E268951729B580E5035AD6CA9969CFCC5CE58A220817B912E76B38BE6C29C3CA7680CB4E8198863D95A72EA65BD06FF7189B5C8475E4C1CE501AEAB1
Malicious:	false
Reputation:	unknown
Preview:	/. Copyright 2016 Small Batch, Inc.. . Licensed under the Apache License, Version 2.0 (the "License"); you may not. * use this file except in compliance with the License. You may obtain a copy of. * the License at. . http://www.apache.org/licenses/LICENSE-2.0. . Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the. * License for the specific language governing permissions and limitations under. * the License.. /./ Web Font Loader v1.6.26 - (c) Adobe Systems, Google. License: Apache 2.0 */(function(){function aa(a,b,c){return a.call.apply(a.bind,arguments)}function ba(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var c=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(c,d);return a.apply(b,c)}}return function(){return a.app

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	13971
Entropy (8bit):	5.60028192455335
Encrypted:	false
SSDEEP:
MD5:	71D89E06E97A066D10F7387ACC7515C8
SHA1:	21B9E77FC944F01AAB68F11DC76BB1119ACD357A
SHA-256:	36231A5B40A0D607962E1BDB955E3846F4A60EB0E6527618783309B493473567
SHA-512:	16F8AF369B5A6C5DC9EB453A445C431B0039BBD485B8551A110F7BB8F3E2CC7C95EE5A3F720B99C28990CE10E6C9EEBAB604A7CAFB3FA005E8C0F0CABCCD43AA
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Itim%7CGoogle+Sans%7CGoogle+Sans+Text
Preview:	/. See: https://fonts.google.com/license/googlerestricted. /./ armenian /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v62/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJl1pynSEg.woff2) format('woff2');. unicode-range: U+0308, U+0530-058F, U+2010, U+2024, U+25CC, U+FB13-FB17;.}./ bengali /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v62/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJl3pynSEg.woff2) format('woff2');. unicode-range: U+0951-0952, U+0964-0965, U+0980-09FE, U+1CD0, U+1CD2, U+1CD5-1CD6, U+1CD8, U+1CE1, U+1CEA, U+1CED, U+1CF2, U+1CF5-1CF7, U+200C-200D, U+20B9, U+25CC, U+A8F1;.}./ canadian-aboriginal */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	134138
Entropy (8bit):	5.438874026374853
Encrypted:	false
SSDEEP:
MD5:	79605BA9ABBB9D74E895C7D2EFD10162
SHA1:	BE1F2F22E1041144BA382F615FF03ADF72B4ED6C
SHA-256:	870BE382A9AFF649B9388559CCD19F981B86F9D755AD35359FB400D2B066A79A
SHA-512:	02F2A45FF43284080202726A7D8D7F504B2F9CD71D7B6DC2604CAE7B87F7588498A1F5FB8290C8B72F61498DEFFB4B993EA5700EF58ACB2EAE1B291B167F0061
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_1d gb_Pe gb_pd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Od\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_jd gb_nd gb_Ed gb_kd\"\u003e\u003cdiv class\u003d\"gb_vd gb_qd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
Reputation:	unknown
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	123
Entropy (8bit):	5.558141082779602
Encrypted:	false
SSDEEP:
MD5:	924E5011E1AFD8D9210FF37D10B390B8
SHA1:	5EE191EA69FF096198C00DA5B637D5EB86E6C855
SHA-256:	E7808688F2997ECDB2C774305E63F1D95986DCCACCF603C0C68F6B234ED743B9
SHA-512:	D40532644E659653C2CE868C454A893A2F2F8590A23F440D0D644D080FD58143E76E8478CA50580EB6D87E51EFA70E0341DBE671D9AAB85BA8C02C5F6AEF0231
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"ddllog":[null,"/gen_204?atyp\u003di\u0026ved\u003d0ahUKEwii8szB6LaJAxWI2gIHHc7XINsQNwgB","74UiZ-K-JIi1i-gPzq-D2Q0"]}

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2445 x 200, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	39056
Entropy (8bit):	7.9751963692159435
Encrypted:	false
SSDEEP:
MD5:	039D363BC3BC073DD72997284690F1F2
SHA1:	2724E837C8164D9F7072BCD9BB5A1063DE6C3AD8
SHA-256:	BE08176B2D894400B087919B81450AF753A51A268BD46FC2046EB1425802D41E
SHA-512:	2FBB2DFF8884492C0A229FD41B57C08C8B5BA81A628CB29D5DF6ABEDC3A5FC7FF08E27427F0FD5A6D5EDF8A84A6BAA906CCB712A1764AD859BC8441C803B7499
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............X......PLTEGpL..............................................................................................b................o...y.................[q.u.....y.g.....ysV.@W.A.....W.AT.>....z........X.Bv.c....xT.=...X.C......z..w.d..x.f..T.>..{u.bt.a.......y...vT.>...T.>S.=..S.>S.=}.kR.<Q.;Q.;O.9..M.7T.>M.6u.bW.B*..c.OK.4/..J.3.}.e,Qk/W....c.V.@.........Ms0..c.N...{HjU.?.......G.03.......{.....t...J.3r2_V.@...K.5...V.AW.A.........o.[.F6....V.@a.M.....{:.!J.3`.Lf.Re.Q.Z..}.g.Sj.Vb.M...S.=\.G.q..Eoq.^W.A.c....H.1..}r1`g.RJ.39. ...j.Uo.\].Hh.Tw.d^.I..x9..S.=..xa.Me.Qv.ct.a.R{H.0S.=4..s2as._p.]u.b~Am..vK.4..nf(R=.$s.`q.^...W.An.[p.]..q(.....J.3...p.\=.%..t......f.Q...p.\....o..q~.l\|.jz.gd.On.[x.eu.bb.M.........b.NX.Cf.Qq.^c.Nh.Th.Sn.[k.Wk.W.....\|.......1.K....tRNS..y.9.Q..Z2.....j+...#...c.rI3@....W!......IB....e........\|#../......Z.k......#)..f4 ..$.).:27=B{HNQ@VAdWJ].s...\...Sx.b..b\.....i.h.p.nt....He.yB..nv};l......~..5...\|..S.

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 46156, version 1.0
Category:	downloaded
Size (bytes):	46156
Entropy (8bit):	7.995721944157179
Encrypted:	true
SSDEEP:
MD5:	B348CAF31F0A044C982295ABE31308D5
SHA1:	4C654B11AF7C4C60383E4CA73F42A27CBEC26663
SHA-256:	DAE35EA200994F4D0871B2A0FA9E74492A64F0B0AFE741AF7EFC5DA4437E2715
SHA-512:	66EE38FCBA9D81A3CCCFA82A0082A0D340A019343B64EB4C4066079510F0EFB03CA3E5B474EFF09C33387FF55918E4EB6B0502C8323CA74DBAB2F59BBE0E088E
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/itim/v14/0nknC9ziJOYe8ANAkA.woff2
Preview:	wOF2.......L.....................................(.....H.`..$.8..o.....4..y..b..6.$..>. .....@...[..q..........\{\|..m..f..A........V....'.....Td.`.n.9.......r..2.V..XZ$..."{..]u@f....:_..a...;.&.ZZ..Q...\...(i.....t+.x.........<l..4.n.mB.xx<..r..k...H..,...qi..n.MZ.c....}..K.....,....+'.#.i9Py#.y..lX.........."N.V.N.....D...Y..I.<....=..).E...D..+..{I?..:.+w...r.....{...}..._}6..E.?_D. V.X.f.Y1#k..m:..s).Os....+k@a.?.O...k..R...D.x.u.p..Pb..2..c.y.....$..N....1(.F8.4....I..2.1Hm.#....'J..M._.O..`$...(..I.....f...9$...V"..O"....QW...Q.u&.D\|...r....RY..-.7..6....X.._T\|.o....Z.R......]..SL"..o...x..G..\|.v..v..\...........B..<.b\|...9o._..B.B...P1.R.P..3.b..{<........D.s.......WF.-.....J3d#...1....Q.V.)j.j .Gk.o.....~Jd+\|..F.....<k.....C..M..t:...D.e..%<.x.\|...O. ...ei,.Y6..........w...X6....t......+$kf..r....2....6.q$......uV.s...T.....I[J....ypw6..\.F./..........sb.y...."......._q......s....1.ONB1.C.)..K=J.J.a\.&.d'C..(.L..._.*}..$A.......

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	123
Entropy (8bit):	5.566112220920628
Encrypted:	false
SSDEEP:
MD5:	17B45E9FF8FA0C33A20C632383DF9B81
SHA1:	004DBA6DD79C2F62FEC657D379801A8834B417C0
SHA-256:	8BF501759306E895A758A24D2DCCCEEE9C0D1F8ADA8DBE25F080926FF4AF2457
SHA-512:	D2093EEB090FA04E6097C902EA1C77291211F3972D2748693B9FD6F5F5B3B834BE9BD0D7F6CB51022C8113101E06390879305A75129DAD2CACF64ABE402ECF3A
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/ddllog?async=_fmt%3Ajspb%2Cdoodle%3A306734893%2Cslot%3A0%2Ctype%3A3%2Ccta%3A1%2Cntp%3A1
Preview:	)]}'.{"ddllog":[null,"/gen_204?atyp\u003di\u0026ved\u003d0ahUKEwi1_YTB6LaJAxUcgv0HHe7YMYcQNwgB","7oUiZ7XOGZyE9u8P7rHHuQg"]}

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9068)
Category:	downloaded
Size (bytes):	9073
Entropy (8bit):	5.663603984253997
Encrypted:	false
SSDEEP:
MD5:	978D3C23417CB484DC837EA9B1DF428D
SHA1:	34101C393CB96DD0355E9A60036816DB154ACB6B
SHA-256:	17E5D2BE4D8CB3F26D5E31687B76D56E2837BA612D41EF8B3D6C33ACC016E2D7
SHA-512:	C1477B9076052661DB67FCDD2BD0A9EDE13A2A093D73BDB7D84CFAE398FB14D6F9A1F52BFD9F7197CD2B68B41C9AE8B20E12E59BE1A3AA9E2735445E83750F12
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/async/ddljson?async=ntp:2,es_dfp:4d7a2eb2"
Preview:	)]}'.{"ddljson":{"accessibility_description":"","alt_text":"Halloween 2024","cta_log_url":"/async/ddllog?async\u003ddoodle:306734893,slot:21,type:1,cta:1","dark_large_image":{"alternate_url":"https://lh3.googleusercontent.com/REGrQy-IFMgG7RtwpN8uHMPPLk6c5AOk6ih_yrj5nRgk4kt6t1v2YwQh_9Ek1FA4fN01nM_RT-2gBtv4PxOuNk6QdHqdsPa5N8LOs9myWVkihqCqFHXOSQ","background_color":"#1f1f1f","brightness":"DARK","height":200,"image_id":6752733080611749,"image_name":"Large","is_animated_gif":false,"overlay_icon_color":"#9aa0a6","slot":54,"theme_color":"","url":"/logos/doodles/2024/halloween-2024-6753651837110311.2-l.png","variant":[{"mime_type":"image/webp","url":"/logos/doodles/2024/halloween-2024-6753651837110311.2-l.webp"}],"width":432},"dark_log_url":"/async/ddllog?async\u003ddoodle:306734893,slot:54,type:1,cta:0","dark_share_button":{"background_color":"#303134","icon_image":"iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAAoklEQVR42mNIS0tjIAM7APFMIH4AxTOhYnA15Bp6Boj/o+EzyIaTY/BMLIbC8ExKDH6Ax+AHg85gZyC+

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65194)
Category:	downloaded
Size (bytes):	98237
Entropy (8bit):	5.683299300403166
Encrypted:	false
SSDEEP:
MD5:	0ED6334BAA79870B1EF7E4ED6BA697D3
SHA1:	33CA2E66A35AE8D27A2A3CE9422430C3C6EA3116
SHA-256:	3D29C7D72B91038B082253AAC50F125AE443A0AAA10F431ED78C837DAA2197C2
SHA-512:	15CDB57DBA97D277D89C1F96B85B6FD8E410ED0CEF7325875214FD3AA64F8B7DF928EBA07BDA9EF2784852DCC262647AFB15C99F5A3444F526833DC0C4F0642B
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/logos/2024/halloween24/rc1/halloween24.html?hl=en&gl=US&ntp=2&theme_messages=0
Preview:	<!doctype html>.<html id="sadoodle">.<head>. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=Edge">. <meta name="viewport" content="width=device-width,maximum-scale=1.0,user-scalable=no">.</head>.<body style="text-align:center">.<script nonce="G4pailFHyB0Lu9ka4fCzJQ">. window.google={};. window.google.doodle={};. window.google.doodle.l10n={"af":{"ALL":{"{{LOGO_ALT_TEXT_HTML}}":"Halloween 2024","{{LOGO_ALT_TEXT_JS}}":"Halloween 2024","{{LOGO_ALT_TEXT}}":"Halloween 2024","{{LOGO_ANCHOR_TARGET}}":"/search?q=Halloween&oi=ddle&ct=306734893&hl=af&kgmid=%2Fm%2F03lq2","Automatically Replaced Alt Text HTML":"Halloween 2024","Automatically Replaced Alt Text JS":"Halloween 2024","Automatically Replaced Alt Text":"Halloween 2024","Automatically Replaced Share Text JS":"Gelukkige Halloween! #GoogleDoodle","/search?q=automatically+replaced":"/search?q=Halloween&oi=ddle&ct=306734893&hl=af&kgmid=%2Fm%2F03lq2","{{TLD}}":"com","Automatically Replaced TLD":"com","{{LANGUAGE}}

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	86664
Entropy (8bit):	6.088926666553292
Encrypted:	false
SSDEEP:
MD5:	57C9CA5AB651511466E61C574DB7C2A4
SHA1:	4F01279B26B864C8F49E45DA70E6F8D202909028
SHA-256:	AC4E7DD1A5CCFE5670D7F6CEDFF2495F99134B7E6FD44D19E8422E8F30BB63ED
SHA-512:	33E77B022E0BEB670CF4AB7A2F9394ECC9D6EF82923D76B49A472376DE028E4CA2D4F0D2181BD93B69D70653749691D48D52746B3A31308A94924A89CCFCBEE6
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/ddljson?async=ntp:2
Preview:	)]}'.{"ddljson":{"accessibility_description":"","alt_text":"Halloween 2024","cta_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAbAAAADICAMAAAC+lkQAAAADAFBMVEVHcEwcCx0AAAAIAQMgAhM4DDBZA0NhDlBrD1l0EWBPFUJSADs/DjYxCCoXAg0EAAEKAwOdWawDAQMFAAknBiN6E2YLAgRjJoQLAAyuB8KPCXtHFDuVCJbDAu6FB3CjA6vNAP8ZBB67BdgPAgZYHUmMJH6qE/+aCoRgAUoND0sOHnMNGmqae9yjfPnBkf7Lmf+2iv7UoP9aMn8QAxU1Fk1wUaerfvKvg/ugeuqZcOaPaOMLEVUKFWAkHXE6LpddRKVrUrd5XsJkS65XPaA2LoIlKogTIXoeJX6QbNSddr9eQ5gSJYBCNIMsJn9QPYBcOoObZH5oRX+IWn6uc3x4Tn42InLbpf8iCi4NARIsDz6LbMaHUMdUPZZ1VLvCjrT/54a9oXALCUJPKG9gNYbfmqnZwIEuABitjsptQpJHMp1rVM+CW6r+1Xjel3zDmN8/H1tmP4xRN56wf6fEfHuNY7VVLXmYa6gJCTKQVM5EFk1MNo05ASGnXt6XQreIOqeFRLMxPpT2tql7UZ5JIWZMADWslOnjrf+1gdtMJW0ICErKqMb0tIFBI4JRKnSDYst1SJaFY+AqGGX/9ZX/37H91Jb//a3/9eX///9CACpSO7FeK2UvK5AhFFm3Ym2jN45oSZ+dQ2Z+MmRxKlpGAC5+TMJwRrZqQbFwOWqJVqB3SLxjP61gPKlkIlHxtdthEoKbWdZbOqXTRuX+e/9nAVH9tP58BGZuAlfaJ9b6CfqoFZaNcljGIr3iLuBbQz23HKmhEY11A17RJslgS8ZYRcCgcvJ5V9flY/m4UdCTc/CuQbyvGp6jMq3/38y3TZn0NPfiiN

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15996, version 1.0
Category:	downloaded
Size (bytes):	15996
Entropy (8bit):	7.989012096227512
Encrypted:	false
SSDEEP:
MD5:	CC536892EABDE0EAEB81493BDA8E189A
SHA1:	15C0180AD7BDF9D0F963747447BC9446FC42D2DC
SHA-256:	97399A2914C593DA2895D9729AA0170A1956E91EE54CF7550696691949558A37
SHA-512:	94F605C4C4FE76EBDB2D5428C6BA69F83B75C65B6932251C0C3E90F92CC1F421FD9F15E81D5985693DC564B8644D90A26DA3E9C63976CF5862ED54D5ED0C4320
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
Preview:	wOF2......>\|..........>...........................<..:..:.`..:.....p..~.....6.$..(. ..>..N.....5xn.u..b.....c..<..Rw.H..q.(.....9A...^.=h.%J...4.\.\.[....[....h.j..AP.....a..]N.o....6.a..uO..R.\|o...wO..t....s....^F...Oy....IN^..X...9sg...(;..L.....5.s~...?....%.0.f....b.. ..;.. "k+.v`.....1kq.\mqLp.]\|..Z\..O......=.......h..,u.................y.h.o.Z..%.....g#..B......V...3.r....J..>g.-rU?+.3A.....C...... .21..f...Z.......P..o..g\.b... v...6..0...b.....?..-WL...Z2...1..Q./....... ..C..G.^r....O......io;.o..4.<....7.Pm..!.Nu.=..Oc............e.w.g.....,...c...0V.P...R.){..u...>.fi..S.w.G...-..... $.8......w..hp...T@..Go....).......;.....B.)..p.\.?.-KC.S.5..pX9...'.!.-....R.Sg.>x.o.yP......S....a...m<.+".t%..3x.?3M;....k.....I&I.3g.26...p...}~....X.x..G.<)..k..U....AZ..A@....Cu..Tv{...\|v.04H.$Xc..E.)<...!........^..~.7P.u...xH..rX..8O....y.k(...0.p 0.%.U...Z...%...\|LlUJ.]L_...9..AX.$E.$.sa.(v8L!...rc.-....I..W..........^U...@.....3P............M..

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\Google.Widevine.CDM.dll

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1008761586\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6316_1405382660\sets.json

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 166

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 183

Static File Info