Windows Analysis Report
http://safe-browsing-quorum.privacy.ghostery.net

Overview

General Information

Sample URL:	http://safe-browsing-quorum.privacy.ghostery.net
Analysis ID:	1428840
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Stores files to the Windows start menu directory

Classification

Signatures

Source: http://ghostery.net/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49720 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ghostery.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ghostery.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://ghostery.net/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: safe-browsing-quorum.privacy.ghostery.net

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Fri, 19 Apr 2024 15:28:49 GMTContent-Type: text/htmlContent-Length: 915Connection: keep-aliveX-Cache: Error from cloudfrontVia: 1.1 5c42606592ccd5dbe3b02deff8a08eda.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ATL56-C1X-Amz-Cf-Id: U4fyUg5tg0OgjCIQ9gewY15OFuq7m1Yg6Z3x1PH37mSanA6t5Dj4qA==Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 33 20 45 52 52 4f 52 3c 2f 48 31 3e 0a 3c 48 32 3e 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 2e 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 42 61 64 20 72 65 71 75 65 73 74 2e 0a 57 65 20 63 61 6e 27 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 66 6f 72 20 74 68 69 73 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 54 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 74 6f 6f 20 6d 75 63 68 20 74 72 61 66 66 69 63 20 6f 72 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 72 72 6f 72 2e 20 54 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2c 20 6f 72 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 6f 77 6e 65 72 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 49 66 20 79 6f 75 20 70 72 6f 76 69 64 65 20 63 6f 6e 74 65 6e 74 20 74 6f 20 63 75 73 74 6f 6d 65 72 73 20 74 68 72 6f 75 67 68 20 43 6c 6f 75 64 46 72 6f 6e 74 2c 20 79 6f 75 20 63 61 6e 20 66 69 6e 64 20 73 74 65 70 73 20 74 6f 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 20 61 6e 64 20 68 65 6c 70 20 70 72 65 76 65 6e 74 20 74 68 69 73 20 65 72 72 6f 72 20 62 79 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6c 6f 75 64 46 72 6f 6e 74 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 52 45 3e 0a 47 65 6e 65 72 61 74 65 64 20 62 79 20 63 6c 6f 75 64 66 72 6f 6e 74 20 28 43 6c 6f 75 64 46 72 6f 6e 74 29 0a 52 65 71 75 65 73 74 20 49 44 3a 20 55 34 66 79 55 67 35 74 67 30 4f 67 6a 43 49 51 39 67 65 77 59 31 35 4f 46 75 71 37 6d 31 59 67 36 5a 33 78 31 50 48 33 37 6d 53 61 6e 41 36 74 35 44 6a 34 71 41 3d 3d 0a 3c 2f 50 52 45 3e 0a 3
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Fri, 19 Apr 2024 15:28:50 GMTContent-Type: text/htmlContent-Length: 915Connection: keep-aliveX-Cache: Error from cloudfrontVia: 1.1 5c42606592ccd5dbe3b02deff8a08eda.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ATL56-C1X-Amz-Cf-Id: 1bz6fH-2f1ZZDJ9DDLTk9tHpNH0Lrbga6WVNy9Zwwj5C5xmZEaoH7g==Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 33 20 45 52 52 4f 52 3c 2f 48 31 3e 0a 3c 48 32 3e 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 2e 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 42 61 64 20 72 65 71 75 65 73 74 2e 0a 57 65 20 63 61 6e 27 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 66 6f 72 20 74 68 69 73 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 54 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 74 6f 6f 20 6d 75 63 68 20 74 72 61 66 66 69 63 20 6f 72 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 72 72 6f 72 2e 20 54 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2c 20 6f 72 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 6f 77 6e 65 72 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 49 66 20 79 6f 75 20 70 72 6f 76 69 64 65 20 63 6f 6e 74 65 6e 74 20 74 6f 20 63 75 73 74 6f 6d 65 72 73 20 74 68 72 6f 75 67 68 20 43 6c 6f 75 64 46 72 6f 6e 74 2c 20 79 6f 75 20 63 61 6e 20 66 69 6e 64 20 73 74 65 70 73 20 74 6f 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 20 61 6e 64 20 68 65 6c 70 20 70 72 65 76 65 6e 74 20 74 68 69 73 20 65 72 72 6f 72 20 62 79 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6c 6f 75 64 46 72 6f 6e 74 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 52 45 3e 0a 47 65 6e 65 72 61 74 65 64 20 62 79 20 63 6c 6f 75 64 66 72 6f 6e 74 20 28 43 6c 6f 75 64 46 72 6f 6e 74 29 0a 52 65 71 75 65 73 74 20 49 44 3a 20 31 62 7a 36 66 48 2d 32 66 31 5a 5a 44 4a 39 44 44 4c 54 6b 39 74 48 70 4e 48 30 4c 72 62 67 61 36 57 56 4e 79 39 5a 77 77 6a 35 43 35 78 6d 5a 45 61 6f 48 37 67 3d 3d 0a 3c 2f 50 52 45 3e 0a 3

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49720 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@18/6@12/125

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://safe-browsing-quorum.privacy.ghostery.net/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,11252106107942964858,8617483940853653510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,11252106107942964858,8617483940853653510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.233.209.177	unknown	United States	14618	AMAZON-AESUS	false
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.253.124.99	www.google.com	United States	15169	GOOGLEUS	false
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
18.206.42.159	safe-browsing-quorum.privacy.ghostery.net	United States	14618	AMAZON-AESUS	false
3.229.24.201	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.212.211.68	unknown	United States	14618	AMAZON-AESUS	false
64.233.176.100	unknown	United States	15169	GOOGLEUS	false
54.230.253.44	ghostery.net	United States	16509	AMAZON-02US	false
108.177.122.84	unknown	United States	15169	GOOGLEUS	false
142.250.9.99	unknown	United States	15169	GOOGLEUS	false
64.233.185.138	unknown	United States	15169	GOOGLEUS	false
54.230.253.53	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
safe-browsing-quorum.privacy.ghostery.net	18.206.42.159	true
ghostery.net	54.230.253.44	true
www.google.com	172.253.124.99	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ghostery.net/favicon.ico	false		unknown
http://ghostery.net/	false		unknown

ID:	1428840
Product:	CloudBasic
Start time:	17:26:46
Start date:	19.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 14:27:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6C9805A395512F1DA4A4416ABFF811C0	A61DC9E82F170218D7D07601AAEEE98AC76A785C	8BD43AF8B12EF21CFD863C5140AAA65FF34AAB3344F35A6DBE0098D668CF9749
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 14:27:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	C96D4B512B8390E3083F77FDD82A3D5F	DAFF847FF8BC22F790F4A7846B45F642C26475A2	4099C7F192DDE31F20082B3B795A171EDF6694EF1D551A818C48B1FBF3891FD0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	48324D651FEA03C3983B0F5546F065BB	9FC0BFBF7B70C6F1F332CB45ACE547C463875138	C54AB473832C8F1C78FBBAB983B31DB13923D0D2F7931F2051FBC3B4E0B25263
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 14:27:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F9801E8425F950D0F2CE90E21E94CDD4	6B18817FC4027ABEF3E85E89823A13E2ABE627DC	DFAD0AF18DA6FE73D5434CA350C07F0B61EF7EF1E14CBFD4AF26A007935B6584
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 14:27:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E6E9C7BEF5F965CA1D18DDA68E95FA76	F29271CD8B69940766FA8708E738754EC34D8673	E0A1EF96C15CCAE2FEDBC2D3759830CD130A9EDB71473CC79A0A8BAE3F933422
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 14:27:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	175A9268B8A400ADD49BCA59201E74F0	4CFBF9CD3C8805239017B93FC6C604DC9422D530	D3857BEA2627F5F2C6D353DF482DCAF6C23E26A9B7348165F407F1D70CA24AEE

Windows Analysis Report
http://safe-browsing-quorum.privacy.ghostery.net

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://safe-browsing-quorum.privacy.ghostery.net

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://safe-browsing-quorum.privacy.ghostery.net