Edit tour

Windows Analysis Report
https://l.linklyhq.com/l/20elx

Overview

General Information

Sample URL:	https://l.linklyhq.com/l/20elx
Analysis ID:	1546219

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10920962342416295972,4803136127733577942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://l.linklyhq.com/l/20elx" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://l.linklyhq.com/l/20elx

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:61871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:61873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.183:443 -> 192.168.2.17:61878 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61868 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: l.linklyhq.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61880
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61878
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61873

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:61871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:61873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.183:443 -> 192.168.2.17:61878 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@22/12@6/132

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10920962342416295972,4803136127733577942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://l.linklyhq.com/l/20elx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10920962342416295972,4803136127733577942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
shortr.tls.gigalixir.com	34.133.74.21	true	false	unknown
www.google.com	172.217.16.196	true	false	unknown
l.linklyhq.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://l.linklyhq.com/l/20elx	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false
34.133.74.21	shortr.tls.gigalixir.com	United States	2686	ATGS-MMD-ASUS	false
142.250.184.234	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546219
Start date and time:	2024-10-31 16:32:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://l.linklyhq.com/l/20elx
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@22/12@6/132

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.186.142, 108.177.15.84, 34.104.35.123, 142.250.184.234, 142.250.186.131
Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://l.linklyhq.com/l/20elx

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: URL: https://l.linklyhq.com
URL: https://l.linklyhq.com/l/20elx Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "The link you clicked is unsafe, and we've blocked it.", "prominent_button_name": "Learn more", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://l.linklyhq.com/l/20elx Model: claude-3-haiku-20240307	```json { "brands": [ "LINKLY" ] }
	```json { "brands": [ "LINKLY" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 14:33:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9970666480086434
Encrypted:	false
SSDEEP:
MD5:	B239A052EC331E73D0A3FA6657181ADE
SHA1:	664C0AEAB208B921C7CEA8063E40FB89C1F7111A
SHA-256:	A41EB23E76C550CFCAB8309F3A950DD329E3FAB4F2C8CF96B675C63A071A410A
SHA-512:	66A81C8604A8B3D25D92D5D33DF598EDD76294D9AD6A1AE7D69363133128C03F28BC98EFCAE0812AB6DADBAD8C3E7B71456911E3BC781C52408ACC450E4DEE50
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....].,.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_Y.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y!\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_Y!\|....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_Y!\|...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_Y"\|...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 14:33:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.010442273304564
Encrypted:	false
SSDEEP:
MD5:	95FF6FFD6ECEF74EC93D8051F02B64F2
SHA1:	7676890318EB2FE518FC88E29B8F348592BE2FA0
SHA-256:	B561ABC29317872DD38A9120548CCD6719EC1AA5769E86DE098C4D5DAD99BE41
SHA-512:	5378E0D08C6E3E821CDBACCEF3656319DC9F5002E5D2C08C9200D58A3D8E5D1F1D05CD9C9BA7182920AB4FA9BB1BEB8541C856B1FCDA2C0584D327E6B4888F54
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....'..,.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_Y.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y!\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_Y!\|....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_Y!\|...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_Y"\|...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0192355084171885
Encrypted:	false
SSDEEP:
MD5:	1EFC5ED41979CCD8DE70359ADD1BC6F7
SHA1:	C1A80D34625874E10E8AA9C44F86987A898FCAA6
SHA-256:	3F74B12BEBD083122858C4B301BA6D7B3AF70F1227E6DB623263F3BC603FF158
SHA-512:	A268CF23BCB2E89EA727ED001A0E11E93CED13216EA6566FC779AC00B8759DF1B92E7363C1D61723B295A3072B7252399B7ADE1482CC29BF8705D0DB9E04CA2C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_Y.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y!\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_Y!\|....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_Y!\|...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 14:33:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.0104388395704476
Encrypted:	false
SSDEEP:
MD5:	3DD2388B9232297AA9F0E2252227E58D
SHA1:	81E5940C2054E6A7A848BDC1085416743B7AF6AF
SHA-256:	D622A4793BB4C49BFC8C5137025D11E4C8CAC877E13D1B464DDA9AC1317ACEC2
SHA-512:	FD062033DE96FD5345C63428B50C1EC05C4E3209E96909EECCB333AE57CA2EFD4B5182D732BA40F79555390E271124EAB4D93E123C5C09FCAFF078E2C86316FD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....#.,.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_Y.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y!\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_Y!\|....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_Y!\|...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_Y"\|...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 14:33:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9982384985381794
Encrypted:	false
SSDEEP:
MD5:	B49E1DAFDA4BE5E9C2E66EE5FCB5203F
SHA1:	A1A3DB0BB787BC4C3CD2FB6CB616C9B17EC5674E
SHA-256:	F27E7C9E83D56530AEBB872A5D75071816832CD2A9E8CFAB8ED5D18D934EB964
SHA-512:	368279A1A100A52492004111DCADA7EC8AC7A9D3D32C6957F9C478023A9E1D7374A21E43C72FDB11591DAF7B2C41C4628C44C5304DF05E5AFC0A6D8D904102F4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....j.,.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_Y.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y!\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_Y!\|....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_Y!\|...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_Y"\|...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 14:33:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.007729573156229
Encrypted:	false
SSDEEP:
MD5:	416265B45A3D67474F75810C79F09B65
SHA1:	27CA83856AE9D8E4F4C6626932AF6F65D8FFD0A5
SHA-256:	3EEB57C7AB79E59F3CAD5EE733E822F390D78E1FD968618E4458941D2F1D3A64
SHA-512:	F9F81064ABD587C97F2C0CE6A20EFD4AD793B614AB3222584085D71885BA13CFC8961B3187E84F2E21DDDEF07651F4C1990062C957C48DCF2A5D285FA96FD23E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....1N.,.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_Y.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y!\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_Y!\|....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_Y!\|...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_Y"\|...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 23040, version 1.0
Category:	downloaded
Size (bytes):	23040
Entropy (8bit):	7.990788476764561
Encrypted:	true
SSDEEP:
MD5:	DE69CF9E514DF447D1B0BB16F49D2457
SHA1:	2AC78601179C3A63BA3F3F3081556B12DDCAF655
SHA-256:	C447DD7677B419DB7B21DBDFC6277C7816A913FFDA76FD2E52702DF538DE0E49
SHA-512:	4AEBB7E54D88827D4A02808F04901C0D09B756C518202B056A6C0F664948F5585221D16967F546E064187C6545ACEF15D59B68D0A7A59897BD899D3E9DDA37B1
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Preview:	wOF2......Z........8..Y...........................B.p.`..D....e.....d.....B..6.$..v. .....E.K...5l\e.v.~S$}.".8.....5.E....s...ai`W.u..8a2C..JuBj....x.....%.u.C.......p..c...7...+.1.GS.3...F_....-..`#........]...T.....x....&..{.....V..,..&~$D.#.P..\|gzz...B.7..m.3....HH.l.....Dj.F.X.....U..+.Q...T.`...ST...1...0....io`zu@.J2....3]}0.X...,..+"...............(k.CGl......`.y.._....3.t!O.,X:t.3....lw..U../:..b.]....V.$.y....G.....H..IN....bQ.+ \@....;...C3...c.l..i/....#..I.).Y...]...s..$K!..Tr...g%\|r.D.#.Y{..R..We...X.?...r.@...G.{..>..4^..b..,.z........T..[.ru#.7..{..G....J.3......Lz.C].of$Y2..^...>@L..P.........7..bB.....6f...ec.i..{._\...A.I.Lcy.Qm".....k.^.d.K(x7U...c.o.......}.T......iL..!.Z.......[O...%...*'?........^I./..;t.4%.....S...4....wY.b9.%.b...,.....tC..9.Z...V..CHnA.S.-.u$m.\....7{,..K{(.."....._...\|{.VowE@E@@..Zg.....`8..b..Z...^....l+...R..%.L.b...._..E.j9\+.L.#J.........?&...&..scE..b..Jc.8...V....L 1./k.3..7w....x..-.....

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3103
Entropy (8bit):	7.8784106472562
Encrypted:	false
SSDEEP:
MD5:	6B154892E1C3D7AB504177B2B0BE295C
SHA1:	80385304B64BA92E3D54E0D4B0D6629D503C30BE
SHA-256:	365D8D80487F5EEED03544CC7CF2F5D8CD2D7031BD2D415CF67CC04CD1D4712A
SHA-512:	7AB4F0465B5C7DAAA1EF017EDB80AC50D415A71438A89E5ABCB5BD0A68427398FF21C00DCE9FE14C89B4AF20489C9CBAEA252911E09C18674D317892444E34A7
Malicious:	false
Reputation:	unknown
URL:	https://l.linklyhq.com/assets/waves-pink.png
Preview:	.PNG........IHDR..............>a.....bKGD..............pHYs.........B(.x....tIME.......z.......IDATx^.]}..&..../Q.VJ.R.G...Io...;J.^.J+./.=..3...`......f1..7?...c..U.(........@A. P.(..@..../..].}..zf...jYw......s...2N.2.(\|N!...^.S!..b..^..[.:../..y.....c'.S.=... ?dO...3"...../..Mu.S...KI....+%...5.R..s.+DP#dD..J...E.O%2...f./..2J.%.V{....E. .%../.......D...]...k.@..Y.$#....3{...5mT...~...I...m.0..a.h.$'..]\?..G...f..2%.....'.>.....Vge..m..5;.G...e..@.H.....<5....WV......g...sx..a[N........`9zV.{4.E....T4...~..?.o2....vr........[...R.g..il9.r.Q..(..Z....^P...=ND_z+......F......./.`.......41.L..5^.\|].......]$.c......+.=.<...e.J...C.....Q...h....Rg.-J....@V.;.........].F.j.`.v....:.G...o570#...b....2@s.......K.&9.V.5e.F..A6k2XK..,...sO....%.......n.......z.Z.W.....0.1.&fx@..........F...w.P...^..y...f.{...5..4>...e......W.n=M?.[C...N.Nz..h.@.u...XHh/.Z.......6O.kL;.l....;M..n...J....B.......p.{J..e..>....;P.....#...^.>.>.k.gK...Q.w..R......

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	2011
Entropy (8bit):	5.105081874946615
Encrypted:	false
SSDEEP:
MD5:	4809BBC701B4B4F51801363CCD302E4B
SHA1:	0B57A339E950931CF8FB611DE34590CCDD13A74F
SHA-256:	9CEC201E3294D537DD1E9207E80AEF84CD8D5C57254EAE3DB481F98565AA9951
SHA-512:	BC6260247ADB689E71CB273DDF86B52CBEB251B75AAE58F63127DA2D1F3F3BAC20D57E4BCD12EA18BC4FAAE5B226F312C4AEB67F025940FC7040D97110875633
Malicious:	false
Reputation:	unknown
URL:	https://l.linklyhq.com/l/20elx
Preview:	<html>. <head>. <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css2?family=Lato:wght@700&family=Open+Sans:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Rubik:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,700">. <title>. Unsafe Link - Linkly . </title>.<style>. h1 {font-family: Rubik; font-weight: 300; line-height: 1.4em; font-size: 64px; color: #303236;}. h2 {font-family: Open Sans; font-weight: 300; line-height: 1.4em; font-size: 40px; color: #303236;}. body {font-family: Open Sans; font-size: 18; text-align: center; line-height: 2.4em; color: #1d1d1db3; letter-spacing: 0.06em; }. p {margin-block-start: 1em; margin-block-end: 1em;}. hr {width: 30%; color: grey; margin-block-start: 2em; margin-block-end: 2em;}. a.btn {font-size: 27px; background-color: #fc365a; border-color: #fc365a; color: #fff; letter-spacing: 0.07em; padding: 20px; border-radius: 5px; display: inline-block; width: 250px; text }. a {text-decoration: no

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	52794
Entropy (8bit):	5.382750764721396
Encrypted:	false
SSDEEP:
MD5:	CADD4E7201196D2CCF710E1C9F52B964
SHA1:	B25A295E34078CE1B67E1A7422E1D98B7E338F26
SHA-256:	5B2157CA060C7C0A5FC600302DB380268CDF2E8BC2AAB4042D1F9C63523BFAC8
SHA-512:	A2F7F5E1D0C5E8BE7C0B67550A8F8587175CE3B5CB48E00BA174DFBA69E88F19ACF9F586CCB4686895A73E1A98AC46B294C69B0AF25336527FE4AB81BC626EAA
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.googleapis.com/css2?family=Lato:wght@700&family=Open+Sans:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Rubik:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,700"
Preview:	/* latin-ext /.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwaPGR_p.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 35448, version 1.0
Category:	downloaded
Size (bytes):	35448
Entropy (8bit):	7.994051931929978
Encrypted:	true
SSDEEP:
MD5:	5C138044F30B8C78119264CD744E686A
SHA1:	7605E014180D49087785350BD1906C16C389690D
SHA-256:	47374CB7D373F9A8450E1237C80BC5FE68C61FBF0CDF958DF7A298143B7DD445
SHA-512:	A7A257429F4D2CE7275D7CE5667CDA9F3DF02BCE7E7D64713FA6D02605B388B7B0F79DE915A1201BE0BAF2383C55BB2A102BCA19DAFEF3A5943D78A2952BD09E
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2
Preview:	wOF2.......x......@\|..............................,.......?HVAR..?MVAR3.`?STAT..'..v/\.....t..h..N.0..R.6.$.... ..J..U..[0(Q...+....._.=.n....p\|9UI........~2........K.JQ`...##U.....Z...).D.<^.b.jVZ.+.W.Twb.".A.......Mb.D......H..S......G.B.#.bf\|........3-..M...9...^...=..c.....&.b..k.p.,.O7_}.C....Gx..........c.....P%.e.y..x~m.....F...K.).K.D..r..X...)V.6.b.!.bc......t..$M.b~.;.I..x.I.P-&..2U..g.M>..2w...3.!...X.=....Q.....}.P T.,..~..3w....ef..tT$.BT.Ruf...].....}.c.E....R..D..r.[.K(A$..%. ...P.XR$.).7..E..-.&.s.-.5C..".2..Y:.9.sj.g.Q...........~....{...M&#e....._...Wr~\|..{.c..@..CB..9..%.v.JI..f.R...i.9%.....m....../.3.tji:.....e.......IM.:V......3.<.x.3..H?A....."..........d....Z..t"CFP...........tC.U0.p...QN.......8._....U...".....i].....4.c.O....yh.Ij.1AcBl]..L...P..H..r8.5.k_.i/. .A..>..;u.....q..M.....a0.~.C.px.j....9....#.&d!......w.pM/.;.hy.r..I./0>.........X............YK..=.z..N.S.W6.... ....[._.'5.T..'.FREj-2.3VN.J.Q..z.al.....1)..

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://l.linklyhq.com/l/20elx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Static File Info

Windows Analysis Report
https://l.linklyhq.com/l/20elx