Edit tour

Windows Analysis Report
https://rediforib.com

Overview

General Information

Sample URL:	https://rediforib.com
Analysis ID:	1326315

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Phishing site detected (based on shot match)

Multi AV Scanner detection for submitted file

Stores files to the Windows start menu directory

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://rediforib.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,4668984994089275718,12249442803752594901,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://rediforib.com

Avira URL Cloud: detection malicious, Label: malware

Multi AV Scanner detection for domain / URL

Source: https://bonsoirctffparis.com/	Virustotal: Detection: 17%			Perma Link
Source: bonsoirctffparis.com	Virustotal: Detection: 18%			Perma Link

Multi AV Scanner detection for submitted file

Source: https://rediforib.com

Virustotal: Detection: 5%

Perma Link

Phishing

Phishing site detected (based on shot match)

Source: about:blank	Matcher: Template: captcha matched
Source: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa&co=aHR0cHM6Ly9ib25zb2lyY3RmZnBhcmlzLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=normal&cb=i03bcjzae83u	Matcher: Template: captcha matched
Source: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa&co=aHR0cHM6Ly9ib25zb2lyY3RmZnBhcmlzLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=normal&cb=i03bcjzae83u	Matcher: Template: captcha matched

Source: https://bonsoirctffparis.com/	HTTP Parser: No favicon
Source: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa&co=aHR0cHM6Ly9ib25zb2lyY3RmZnBhcmlzLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=normal&cb=i03bcjzae83u	HTTP Parser: No favicon
Source: https://bonsoirctffparis.com/	HTTP Parser: No favicon
Source: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa&co=aHR0cHM6Ly9ib25zb2lyY3RmZnBhcmlzLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=normal&cb=i03bcjzae83u	HTTP Parser: No favicon
Source: https://www.recaptcha.net/recaptcha/api2/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa	HTTP Parser: No favicon
Source: https://www.recaptcha.net/recaptcha/api2/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa	HTTP Parser: No favicon
Source: https://ds-lnfo.com/	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49744 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49776 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 13MB later: 26MB

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49744 version: TLS 1.0

Source: unknown

DNS traffic detected: queries for: rediforib.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49776 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6284_1473760746

Source: classification engine

Classification label: mal72.phis.win@17/53@26/196

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://rediforib.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,4668984994089275718,12249442803752594901,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,4668984994089275718,12249442803752594901,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://rediforib.com	6%	Virustotal		Browse
https://rediforib.com	100%	Avira URL Cloud	malware

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
rediforib.com	1%	Virustotal	Browse
www.recaptcha.net	0%	Virustotal	Browse
bonsoirctffparis.com	19%	Virustotal	Browse
ds-lnfo.com	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://bonsoirctffparis.com/	18%	Virustotal		Browse
https://ds-lnfo.com/	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	172.217.12.141	true	false		high
rediforib.com	127.0.0.127	true	false	1%, Virustotal, Browse	unknown
ds-lnfo.com	91.215.85.167	true	false	1%, Virustotal, Browse	unknown
bonsoirctffparis.com	91.215.85.21	true	true	19%, Virustotal, Browse	unknown
www.recaptcha.net	142.250.72.227	true	false	0%, Virustotal, Browse	unknown
www.google.com	172.217.12.132	true	false		high
clients.l.google.com	142.250.68.78	true	false		high
clients1.google.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
about:blank	false		low
https://bonsoirctffparis.com/	true	18%, Virustotal, Browse	unknown
https://ds-lnfo.com/	false	1%, Virustotal, Browse	unknown
https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa&co=aHR0cHM6Ly9ib25zb2lyY3RmZnBhcmlzLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=normal&cb=i03bcjzae83u	false		unknown
https://www.recaptcha.net/recaptcha/api2/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6LcZTYwnAAAAAPYRQ079cb4FgXdcgEgR-eLJuRwa	false		unknown
https://ds-lnfo.com/index.php?success=validatedok	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.72.227	www.recaptcha.net	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
91.215.85.167	ds-lnfo.com	Russian Federation	34665	PINDC-ASRU	false
142.250.176.3	unknown	United States	15169	GOOGLEUS	false
142.250.68.78	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.189.3	unknown	United States	15169	GOOGLEUS	false
172.217.12.141	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.12.131	unknown	United States	15169	GOOGLEUS	false
172.217.12.142	unknown	United States	15169	GOOGLEUS	false
172.217.12.132	www.google.com	United States	15169	GOOGLEUS	false
142.251.40.35	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
91.215.85.21	bonsoirctffparis.com	Russian Federation	34665	PINDC-ASRU	true
142.251.40.42	unknown	United States	15169	GOOGLEUS	false
142.250.188.227	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.16
192.168.2.9
127.0.0.127
192.168.2.5
192.168.2.10

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1326315
Start date and time:	2023-10-16 10:28:30 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://rediforib.com
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@17/53@26/196

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.250.188.227, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://ds-lnfo.com/index.php?success=validatedok

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 16 07:29:00 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.974908580082126
Encrypted:	false
SSDEEP:
MD5:	2AD2A75352B1E4838040E6D69D43337C
SHA1:	8E005ED4BED14939E5196BFCBD8C5CDA9B7976FC
SHA-256:	0A6042421B41B791CF41BB143418D92C8AD3D8A2663E439161B60822D1A2E186
SHA-512:	C14BA11D1BC986CF781EBBB31B61320B73CEEAC7EE48450AE04C13258CB6172CE75EA2B75E1AC8C829554EBD3631C55B7BFAEB082426AD9FE494995705784618
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......g.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IPW.C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VPW.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VPW.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VPW.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VPW.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 16 07:29:00 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9904289019333237
Encrypted:	false
SSDEEP:
MD5:	A8CA55A055C51B6C0E95DF168DCFC1B6
SHA1:	E188F1410C079B3CC44E97AC922C1A8E1D0D0852
SHA-256:	CE1FF0D16533392F8E5ADAB023160EE9BAA487CD0BEB0AC3F820F9F3D69D2102
SHA-512:	FE839E237F06521B74A4E4FC1CB019571EDA7F57E0C70AE78C0F79C98DA851AB4C5E827510784265C3A751106F9D8FDF8CB0F4FBBABA83084537C7917C86A1F8
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Dv\.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IPW.C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VPW.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VPW.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VPW.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VPW.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.003047836660768
Encrypted:	false
SSDEEP:
MD5:	7D79B433C61A346E0D7583570B11E7A9
SHA1:	7F5654849E9821FF52153C5E3B2AD2D0385C2D96
SHA-256:	59980BFD8061DB86EB43CE18463C323C8A9BF3D886A1385122A9F2CF1D5F6C2F
SHA-512:	8243F96617B8F59AB758203175EBF92A623775A41D0AEEE932D0FEE101E6779396BA1CB8052E46CAD0B1F0AF6E0C1C133645533E311D9A9316785452670FB052
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IPW.C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VPW.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VPW.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VPW.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 16 07:29:00 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.991222150809934
Encrypted:	false
SSDEEP:
MD5:	8C1945E05E6E5E7620EEBDEFFB059757
SHA1:	4CE7F3BCB173E05D46FE57F30F3B9647C87D3EB3
SHA-256:	08B1E4E4A174E7C209597FC18FD0FF92D64959118077DB8A092E23193F611E99
SHA-512:	3FC8A112093EDD367923B13136930CAF01F712658EEF7B531563816DB76F0CDABB8A32FD8E3E2F696D3B87937B1DC515A8F61283AB7EC4E606C0E91FAFD5CAC1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....\|.V.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IPW.C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VPW.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VPW.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VPW.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VPW.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 16 07:29:00 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.975691649656955
Encrypted:	false
SSDEEP:
MD5:	22C17A18923EE93465216848E9489B82
SHA1:	A770624C82F71D566A3620C4641598878294FFB9
SHA-256:	6684EE4ACDB176E63717AE5A1B4AA042EF0293F3C94B42F9F4AA564E87CDF975
SHA-512:	E3544274926B4BE915B1D5AEADDE279CBA7C9F9316909D7ED45BDF121623B8812A04A314E94B63F1FD5C06E24485195A275A68142EC1726FD231DCBF5050D3AE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....ib.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IPW.C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VPW.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VPW.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VPW.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VPW.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 16 07:29:00 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9888845914204714
Encrypted:	false
SSDEEP:
MD5:	1A40790BD051FA3342665BE13EE920F7
SHA1:	BCB44649998C2A7445C6382087DE1D5D6E3851C1
SHA-256:	9664C23398C92FCBAD2E2B6AA8DA190250B54C990A923C602C6801BEBC325FE4
SHA-512:	1DE7BC28AD2D9F8627ECCB70711F7F38BF478F4CEED59F492A4CFE0BC01CC1D12BAEBA2B421D0089C1934F33687D63BB97BE2926C5735D7F179C24D803C73E6F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......I.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IPW.C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VPW.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VPW.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VPW.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VPW.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Category:	downloaded
Size (bytes):	15552
Entropy (8bit):	7.983966851275127
Encrypted:	false
SSDEEP:
MD5:	285467176F7FE6BB6A9C6873B3DAD2CC
SHA1:	EA04E4FF5142DDD69307C183DEF721A160E0A64E
SHA-256:	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
SHA-512:	5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Preview:	wOF2......<...........<Z.........................d..z..J.`..L.\..<.....<.....^...x.6.$..6. .... ..S..}%.......\|....x..[j.E...d..-A...]=sjf$X.o.5......V....i?}.\...;...V......5..mO=,[.B..d'..=..M...q...8..U'..N..G...[..8....Jp..xP...'.?....}.-.1F.C.....%z..#...Q...~.~..3.............r.Xk..v..7t.+bw...f..b...q.W..'E.....O..a..HI.....Y.B..i.K.0.:.d.E.Lw....Q..~.6.}B...bT.F.,<./....Qu....\|...H....Fk.-..H..p4.$......{.2.....".T'..........Va.6+.9uv....RW..U$8...p...........H5...B..N..V...{.1....5}p.q6..T...U.P.N...U...!.w..?..mI..8q.}.... >.Z.K.....tq..}.><Ok..w.. ..v....W...{....o...."+#+,..vdt...p.WKK:.p1...3`. 3.......Q.].V.$}.......:.S..bb!I...c.of.2uq.n.MaJ..Cf.......w.$.9C...sj.=...=.Z7...h.w M.D..A.t.....]..GVpL...U(.+.)m..e)..H.}i.o.L...S.r..m..Ko....i..M..J..84.=............S..@......Z.V.E..b...0.....@h>...."$.?....../..?.....?.J.a,..\|..d...\|`.m5..b..LWc...L...?.G.].i...Q..1.:..LJV.J...bU.2.:\.kt.......t.....k....B..i.z+...........A.....

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	4955
Entropy (8bit):	4.959843619283862
Encrypted:	false
SSDEEP:
MD5:	D1125B5CF522875031E719B2246B79B9
SHA1:	5B31B68ACBA014C3957380C3A16AB33E0BB67004
SHA-256:	28C7A1B40D2F48CE6AFA8CCE59EE6D515637B7D4E3F1B1006B5ED672352F427E
SHA-512:	866CF0C4723C550ADAD0BF81832EB41A196A685EF3849E52E7837CA1167DBF17D07425B3A195150FE75B7C455F9827C2AC69E57E1AAF4E287321B71B81907338
Malicious:	false
Reputation:	low
Preview:	<svg version="1.1" id="Layer_2" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 341.4 50.1" style="enable-background:new 0 0 341.4 50.1;" xml:space="preserve">. <g>. .<g>. ..<g>. ...<path style="fill: #58585B" d="M84.3,2.1c6.2,0,10.5,2.9,13.2,5.7l-3.4,3.7C91.8,9,89,7.2,84.4,7.2c-9.3,0-15.3,7.2-15.3,18.6. ....c0,11.6,5.5,18.9,15.3,18.9c3.3,0,6.5-1.1,8.3-2.7v-12H83v-4.8h15.1v19.4c-3,2.9-8.1,5.3-14.3,5.3c-12.1,0-20.7-8.8-20.7-23.8. ....C63.1,11.1,72,2.1,84.3,2.1z"/>. ...<path style="fill: #58585B" d="M105.8,14.9h5.8v20.8c0,6.4,1.9,9.1,6.4,9.1c3.5,0,6-1.8,9.2-5.8V14.9h5.8v34.1h-4.8l-0.5-5.3h-0.2. ....c-3.2,3.7-6.5,6.2-11.2,6.2c-7.2,0-10.5-4.6-10.5-13.3V14.9z"/>. ...<path style="fill: #58585B" d="M142.5,14.9h5.8v34.1h-5.8V14.9z"/>. ...<path style="fill: #58585B" d="M171.6,14c4.5,0,7.6,1.9,10,4.1l-2.9,3.7c-2-1.8-4.1-3-6.9-3c-6.2,0-10.7,5.3-10.7,13.2. ....c0,7.8,4.3,13,10.5,13c3.2,0,6-1.6,8-3.4l2.6,3.8c-3.1,2.7-7,4.4-11.1

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (624)
Category:	downloaded
Size (bytes):	629
Entropy (8bit):	4.959745804519331
Encrypted:	false
SSDEEP:
MD5:	E57A3679AD52F1BEBB43617E5C1666AF
SHA1:	5CED2B20B39EAAE19A5F5FA4D6DACCF94ECA36DF
SHA-256:	9F4089BE9E669A68DCFE48796A92BAC530A79086A9EF5492D7B018B5713CBFF2
SHA-512:	19B47690B62F1041D11E40B8EC4FD3F369C7609F6DBD32B521B103E2A40DFB59B7CBBC8A5677E5324FBE924C727F0E8471FF1C79F07D01351FE12D637AEE145F
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fds-lnfo.com&oit=3&cp=19&pgcl=4&gs_rn=42&psi=dlsJksI9F3XFxV8o&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://ds-lnfo.com",["ds infotech","ds infotech online examination centre","ds information","ds infoway","ds infotech pvt ltd zauba","ds info","ds informatique","ds information technology","ds infotech reviews","ds informatica"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,557,556,555,554,553,552,551,550],"google:suggestsubtypes":[[30,13],[30,13],[30,13],[30,13],[30,13],[30,13],[30,13],[30,13],[30,13],[30,13]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.090012084439345
Encrypted:	false
SSDEEP:
MD5:	938464F4A51E80A29886967E2DD10247
SHA1:	6CA208768620D334DC104B093C6B816BEFD75CAD
SHA-256:	E5E1650378525B31C2E2805A4CF471C306C690A4F01466044490D53753E83BBF
SHA-512:	D432657412D9A0D75171CFC35F9F3A1DF6383406D76BF299A1EC230E859C2DDA71BF452129956E66538CB652732ED4F8E47BA363691F18C77D61A7442391C30C
Malicious:	false
Reputation:	low
Preview:	<HTML>.<HEAD>.<TITLE>HTTP method GET is not supported by this URL</TITLE>.</HEAD>.<BODY BGCOLOR="#FFFFFF" TEXT="#000000">.<H1>HTTP method GET is not supported by this URL</H1>.<H2>Error 405</H2>.</BODY>.</HTML>.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
Category:	downloaded
Size (bytes):	15340
Entropy (8bit):	7.983406336508752
Encrypted:	false
SSDEEP:
MD5:	19B7A0ADFDD4F808B53AF7E2CE2AD4E5
SHA1:	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
SHA-256:	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
SHA-512:	49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Preview:	wOF2......;........d..;..........................d..z..J.`..L.Z..<.....\..`..^...x.6.$..6. ..\|. ..8..z%......Q.{..q...FF.kd .8.(..d..).!C...Y.JA...r. ..GH8F......nW...".2&....2<..+C...p...b..SC.......J......z.-..Q..#6&1zUe../\...l.....<.....9s...E~.]B-..B.wY..o......Q..A.F..1j.......-.`P% .. ,..@1.0..~.....WWW.d.u<c{..^.R.+..w....&.........A......+C....(.N.....0.~..0.J.;.Nu..7....]..m.H.....[h.GL3....?)....c.H...2.3.}y........SXI\|..iVN'%E.D.W....r..<`....i....6;E$.....U.$j.@...._.......R2....WS...k.vz.R.'a9!^...N....h.._.....c.%."..S.2.16B...o.2}.pmU[.\|.LI....2.....OWQLO1-....s..8.(...".\|6...6R.. ..M-.zO.}w)..v..mXxX...c..3#.+.v....F`.Z;.zQ.......r,....Yo.....g.h....+.....O.3Y..)Y.8.!....elX......._.3.}k~u.{ C..H.z..FP........@...d..)T.R...L.H.J.j.@..............$...E......y...3.b...I.h u.+%.HA.\..9..8..X.!....gx...].:..V..C...._..X..!....6..)...GM:E.....O.Z.}k.;.T.k..D.k.O..D5.r..."......?..T.Q.A...CF...3g.5.Dn<.QPy..G..1.9..Q..0..

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	4.899621299015828
Encrypted:	false
SSDEEP:
MD5:	E82E2A2D9574AA1510ADC2FFDC04B2EF
SHA1:	EF4116A276C39549961167D28BA479087F3A58A1
SHA-256:	145BF25D7A0B98497C1DBFA062C7EC9A2F329F19854545FC9390634F5788A3AE
SHA-512:	538B9B5E231043AE4856978CE35193CDE2FE1D41B293FD687EF03D0AA81975A3668FAD33E379EEC42F824175B1087BD684133F9E45C5657D2B87A06919945644
Malicious:	false
Reputation:	low
URL:	https://www.recaptcha.net/recaptcha/api2/webworker.js?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R
Preview:	importScripts('https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js');

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	530
Entropy (8bit):	7.2576396280117494
Encrypted:	false
SSDEEP:
MD5:	88E0F42C9FA4F94AA8BCD54D1685C180
SHA1:	5AD9D47A49B82718BAA3BE88550A0B3350270C42
SHA-256:	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
SHA-512:	FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/api2/audio_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX...JBA.....E-R... (#..-*$.}.%.Kt.A..Dx.I...AF.Q.4.......-.6..?.m:.,.......Q..D.L..e4..2.D..8)j4:......&>.s......p?......9.o5>.][H.}...&L.%.xh{~K.J\|.b..N..HMp....f.}dd..S..4%...$dK..!..Z..NNs.W&g..Fn....p...w..Ut...E\.e.......6......M.F...X.L......em.....R#'..%....j$/..-......@.l."..M.\|....OtW.H.,.-.~W`Z.s8..W...B...C-.8"H....6......9...A..aO.1`.M..A..eA.{...-...U.,.W........IEND.B`.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C++ source, ASCII text, with very long lines (950), with no line terminators
Category:	downloaded
Size (bytes):	950
Entropy (8bit):	4.886509373616668
Encrypted:	false
SSDEEP:
MD5:	7E613F1D032E830A7940A80D43FB1DB5
SHA1:	BA585615B7041E32B47BA325DCE7E1824E949A6A
SHA-256:	9688E03D6AA3F6A5781822AAF87DD0CFB150C7A258434ED98CA12876B1A3340F
SHA-512:	5BC54129FA652E15E3EEE96A3C89A50C53E8F7282401E48888A1E497AA5851D00740785CE37B951509F4D4DA0CFD85CDFF75CA822B9E9E8BBBF4643865EC2A25
Malicious:	false
Reputation:	low
URL:	https://ds-lnfo.com/antibot.js
Preview:	class HeadlessDetect{allTestFunctions=["testUserAgent","testChromeWindow","testPlugins","testAppVersion","testConnectionRtt"];constructor(){}testUserAgent(){if(/Headless/.test(window.navigator.userAgent)){return 1}else{return 0}}testChromeWindow(){if(eval.toString().length==33&&!window.chrome){return 1}else{return 0}}testNotificationPermissions(e){navigator.permissions.query({name:"notifications"}).then(function(t){if(Notification.permission==="denied"&&t.state==="prompt"){e(1)}else{e(0)}})}testPlugins(){let t=navigator.plugins.length;return t===0?1:0}testAppVersion(){let t=navigator.appVersion;return/headless/i.test(t)?1:0}testConnectionRtt(){let t=navigator.connection;let e=t?t.rtt:undefined;if(e===undefined){return 0}else{return e===0?1:0}}getHeadlessScore(){let e=0;let o=0;this.testNotificationPermissions(function(t){e+=t;o++});for(let t=0;t<this.allTestFunctions.length;t++){e+=this[this.allTestFunctions[t]].apply();o++}return e/o}}

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	665
Entropy (8bit):	7.42832670119013
Encrypted:	false
SSDEEP:
MD5:	07BF314AAB04047B9E9A959EE6F63DA3
SHA1:	17BEF6602672E2FD9956381E01356245144003E5
SHA-256:	55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
SHA-512:	2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/api2/info_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX..W..DA.=.6O...H.,E.............b.....C.1...1..EbLPI.W......H..s.z5.:..._.d.0.u.......j.x.R..._.v..R...1..ir..`.yn..R..j.h./y..l......(`..5....l.E..0......B^......F.....F....Y\|p..._,p.............(3^.r.P.O......;<....z.,..yF....N..x.MS...Q.C%......D8G.+......oOk...)T..}\|..e...G.....'.R..G.Z.T}7(...&..@...G....$PGYv...A.c.]d....N..'.4b...R.%..)2Yd..b.M..^@.M....^.:h.N(dP*t..RQ%.o...{.vGH..S._".@./...g.....]...?..h..E.,r.m.%."."W.6G..t...->....q\.Kc.t"^......Kj~{l..C..).y..><@\|yB....=c.............!...<....IEND.B`.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	600
Entropy (8bit):	7.391634169810707
Encrypted:	false
SSDEEP:
MD5:	0F2A4639B8A4CB30C76E8333C00D30A6
SHA1:	57E273A270BB864970D747C74B3F0A7C8E515B13
SHA-256:	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
SHA-512:	3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX..M+.Q.....&/....&......6...\|.I..).o.I.X..#.@.bb.D.'5....m...=..y........{....<.P..;.H......f...3l...M.I...j2.....3..1x..S......9..<m...E.'F'.. ...M.j...C..c.5.-..F..3H./F!.."V.e.i.}.Y....../.rw...@...].rp...`CQo(.....J...u.".!E...$.^$...k....b....@.^.;.u5........H/Q{..$..'..........w...r.+xS.uR..J.......GD.O./.. G7..l...J.t.3.S...N.7...e..s.-Jlj)..5E....E.;8w4.k..=.li.G...1.c....p,T6;....1.oW.%.2,..Z..a...*m.s}T1F....Hr.1......<x0.....-.i......IEND.B`.

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (665)
Category:	downloaded
Size (bytes):	471253
Entropy (8bit):	5.660635603145118
Encrypted:	false
SSDEEP:
MD5:	1597ADFD61770DA62F147C7072DDCE90
SHA1:	AC0214495692E766B4C453589CE587A46242AF67
SHA-256:	C662A9036D1FD054A03BD683564761866F27663C4607AAA2B1FF417D17C512F1
SHA-512:	1D247287949B3C7D326D0FBF600CC0BB18F4CFB461A24DB60B56B0BC22096C5AEB86F3ACC72DAE6968639C3A102DEEFFA922BA5EE9E3E5DB85392784F2B0EF36
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0./.var l=function(){return[function(I,r,X,t,F,d,w){return((I^6)<(((I-(d=["T",24,5],6)^29)<I&&(I-1^19)>=I&&(Q[23](1,t)?w=n[d[2]](6,r,X,t[d[0]]):(F=l[25](9,t),w=!!F&&n[d[2]](2,r,X,F))),I-6)&9\|\|(w=r instanceof Ie&&r.constructor===Ie?r.Y:"type_error:TrustedResourceUrl"),d[1])&&10<=(I\|2)&&Z.call(this,r),2>(I-3&16)&&7<=I>>2)&&(r=void 0===r?1E3:r,X=new sj,X.K4=function(){return $D(function(U,Y,p){return(p=h[33](31),Y=p-U,!p\|\|Math.floor(Y/r))?(X.K4=function(){return 0},X.K4()):r-Y},h[33](15))}(),w=X),w},function(I,.r,X,t,F,d){if((I\|(d=["Y",8,4],d[1]))==I)g[d[1]](32,X,r,t);return I-3>>d[2]\|\|(F=h[20](25,r[d[0]])+r.I[d[0]].size),F},function(I,r,X,t,

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	808
Entropy (8bit):	4.9078093738349065
Encrypted:	false
SSDEEP:
MD5:	A943672A32297727BAB01C3E76977550
SHA1:	3A667C4B7A457EF6C586CC581D533C128737BF53
SHA-256:	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
SHA-512:	0965D415F3A0CEF31953702FDAE345D46FEFD72CE3C4C7A0255AEDE74A76E10B856892700529A444453A622793E0257248C5C99FAE17D5B0B9FD4118E208068C
Malicious:	false
Reputation:	low
URL:	https://ds-lnfo.com/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>404 Not Found</title>. <link rel="stylesheet" href="/error_docs/styles.css">.</head>.<body>.<div class="page">. <div class="main">. <h1>Server Error</h1>. <div class="error-code">404</div>. <h2>Page Not Found</h2>. <p class="lead">This page either doesn't exist, or it moved somewhere else.</p>. <hr/>. <p>That's what you can do</p>. <div class="help-actions">. <a href="javascript:location.reload();">Reload Page</a>. <a href="javascript:history.back();">Back to Previous Page</a>. <a href="/">Home Page</a>. </div>. </div>.</div>.</body>.</html>

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (56398), with no line terminators
Category:	downloaded
Size (bytes):	56398
Entropy (8bit):	5.907604034780877
Encrypted:	false
SSDEEP:
MD5:	EB4BC511F79F7A1573B45F5775B3A99B
SHA1:	D910FB51AD7316AA54F055079374574698E74B35
SHA-256:	7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
SHA-512:	EC9BDF1C91B6262B183FD23F640EAC22016D1F42DB631380676ED34B962E01BADDA91F9CBDFA189B42FE3182A992F1B95A7353AF41E41B2D6E1DAB17E87637A0
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAABUAAADSAC4K4y8AAA4oElEQVR42u2dCZRV1ZX3q5iE4IQIiKQQCKBt0JLEIUZwCCk7pBNFiRMajZrIl9aOLZ8sY4CWdkDbT2McooaAEmNixFhpaYE2dCiLScWiQHCgoGQoGQuhGArKKl7V+c5/n33fO/V4w733nVuheXuv9V/rrnvP2Xud3zvTPee+ewsKxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExP4OdtlT6ztAbRWvvLy8A3QkwxzH6tBGMMexI

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 98 x 90, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	11174
Entropy (8bit):	7.97758318268209
Encrypted:	false
SSDEEP:
MD5:	A4741C6089E163F0E5C0CDB2C698A03E
SHA1:	03B190C8D9350802CBABBCCD2757CFF1FB7115F0
SHA-256:	C9685B413894B0647B42EDF9CAC1FC0B2ED044C1FE238D843B9CA3D29DB1B805
SHA-512:	8F16410EDBC8893D9982CCAA1F2BA73BB1E7189B8101CE8EF3167D4663E5580A0BD2462295052A5DD86FA83AB3A0C4ED889204052951F8C6FA71E564D3EDCAFB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...b...Z...........+mIDATx..O.a.A.3.....@....YY.5`......#B...\|...)F3S..8..H._.......N......v..i..k{D..r..wKhO...V$..XD..(...4]8......t...Q..f!C.{...o.:.sNJ!.~R.....GFG.$.o.a..m...S.a...("..uu1....h......V...).....V...+....@rd9b.. ........5..7.]...........,CD./.......K.; ......v......H..`..$.p.E.I/.{....5....`..........O_...H.c.."G.Jp}LB.....OU.$..%....=..+..P` .....vR..^.._...a. ..vX.LIH..-..F..x.?......bRr..@.1....b...`#.L".........\|....M.8$....IV.9s...;.WL....Q......8..h.....HIje.....a{.......:\...U.."...AYs.f.:.?RU.C5.,......Q.j..y...Nx.J....1.>.>-R.L.>.q?.H;.Z`.o...}...sN....k.........P.&>w.0".u.$.l.W2.q.=I.H......2.......I.H.x..> [.,.t7..$$....W.`..D..#).......sfv..A_.....{....cy-..H.x.U5...Ew`....JxB..\.o..\|........)..?~..D.A/...y0.%.D.;...0.K..d.v......;..x6B...Hg^E.6..~....g...'-.5.].c.[C2.$A.......!..b.d..U..$w:/.$B. )..P....Hq..3.!.l}]y.....`..s>.7.t.P.s.%d..E{M.m.....$.%...v..W..T:-........... 0....D4a".K...

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3
Category:	dropped
Size (bytes):	28895
Entropy (8bit):	7.97518926571287
Encrypted:	false
SSDEEP:
MD5:	E804CBB1AA2CC981BC020B1D7A88D44F
SHA1:	3DA79F0567FD87BF2BCF1299931180927C50FD13
SHA-256:	0B37BE4DCDB39C6F2CC21EF07B523458D684816C16A01876CB1DED9B9D99D7F7
SHA-512:	B3A58DA0E2FA9F9B9BC4874044B0E06B774B3F56987AEED9E0E874FEA52238C9F8D5088E4F0B0351CCE554393FBC83D1B2A705E34D027B6F91B50F528D0056AF
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C..............................................!........."$".$.......C.......................................................................,.,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+]+.C.N...}.i.cO....I<....uPA.....X.!..}.vJ.N..f..t$Y........M;H.s.#<.s.1.'4.+D.".`.A.7n.:5,.A.=.J.{........H......n...W.W...sMv.r@..Z@.Z;...1...x ...f7q.,(l.=.Q.8.Q.1KI.8a....0.2.....4...~_.w.ei.....*.... ..s......h..pCJ..k.6`..A......./.?...M....F.f..u7O.A8.v8.........?.<.s..^..8.l..I..&.dn.~Q...k......<...:k..K.x.P...X..........g......qC$.V.42G42(dt`....H.

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	AFB69DF47958EB78B4E941270772BD6A
SHA1:	D9FE9A625E906FF25C1F165E7872B1D9C731E78E
SHA-256:	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
SHA-512:	FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAm750IaKVxu3RIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgA=

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1288), with no line terminators
Category:	downloaded
Size (bytes):	1288
Entropy (8bit):	5.791350561612428
Encrypted:	false
SSDEEP:
MD5:	6B02E4FF23E93873A083AC949ABD4001
SHA1:	4B4AB844DB907D39B386FE42DE7A0A2B93ECA077
SHA-256:	11643BC2250AA2AAD195518754E7E15F18B33DA2E2874870D5C073D73F548746
SHA-512:	65C3AE44BD23A46E3122452F242B36B34C2788FBEBD69640F5DCB26E38C1FAB03F8D57525B503D6FF3F143A1728B027DDE3C3B274175954F1F2D80E2E4270E73
Malicious:	false
Reputation:	low
URL:	https://www.recaptcha.net/recaptcha/api.js?onload=onloadCallback&render=explicit
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.recaptcha.net/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('explicit');(cfg['onload']=cfg['onload']\|\|[]).push('onloadCallback');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A89JPrWYXvEpNQ/xE+PjjlGJiBu/L2GfQcplC/QkDJOS1fBoX5Q4/HLfT1dXpD1td7C2peXE3bSCJiYdwoFcNgQAAACSeyJvcmlnaW4iOiJodHRwczovL3JlY2FwdGNoYS5uZXQ6NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js';po.crossOrigin='anonym

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://rediforib.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 102

Chrome Cache Entry: 105

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://rediforib.com