Windows Analysis Report
http://www1.mpnrs.com/pkrs/pkrda.js

Overview

General Information

Sample URL: http://www1.mpnrs.com/pkrs/pkrda.js
Analysis ID: 1431044

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory

Classification

Source: http://www1.mpnrs.com/pkrs/pkrda.js HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Apr 2024 11:51:33 GMTServer: ApacheLast-Modified: Fri, 19 Jul 2013 13:57:44 GMTETag: "13c8d5-91b-4e1ddb5fb2600"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipAccess-Control-Allow-Origin: http://www3.mpnrs.comAccess-Control-Allow-Credentials: trueP3P: policyref="http://www1.mpnrs.com/w3c/p3p.xml", CP="NID DSP NOI COR"Content-Length: 1447Keep-Alive: timeout=10Connection: Keep-AliveContent-Type: application/x-javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 75 56 6d 93 da 36 10 fe de 99 fe 07 c7 33 c5 52 31 02 73 01 02 44 61 ee 35 b9 24 77 97 86 4b da 06 d3 19 61 cb 60 30 b6 4f 16 6f 41 fe 65 fd d0 9f d4 bf d0 95 f1 71 37 ed f4 e6 bc 7a b4 5a 49 8f 76 57 2b fe fe f3 2f be 66 11 0a 56 b1 27 c3 24 46 a9 cd 6c cf 5e d8 dc 16 78 cf e9 51 ef e1 bd e0 72 25 00 bd 6e 37 07 96 d5 e3 28 65 22 e3 d7 b1 44 5e bd dd c4 18 57 11 f2 a8 f7 13 e0 37 27 ad c1 50 8a 30 9e 92 40 24 cb f3 19 13 e7 89 cf 91 57 6d 76 71 cf 23 32 39 8c a2 93 36 c6 79 3f 0c 90 d5 b0 88 e0 69 c4 3c 8e 1a 36 c7 94 36 f0 7e 33 0b 23 98 54 ab 61 31 82 16 8f e9 62 e4 8d fb 0b 3a 3a f2 e2 8f bc 0c 30 19 2b c5 f3 71 ff 19 ed c7 51 0b 8d 4e 6a 9d ee 7c b1 ac 09 59 fb 7e 5a fb 36 56 8e eb 6e b0 95 f7 3d ea e4 fd a7 ad 80 8c de 05 a7 34 3d 32 8a f9 c6 f8 cc a7 97 db 14 59 ae 3b b1 aa 9a 4d b5 80 b6 35 b5 b0 5d cc e8 97 4c d2 1c 59 6d a3 45 f7 6c d3 93 f6 db de dc 5e c1 b7 eb 2d 11 b3 27 e0 5d 1f ef 4f 90 47 be 23 f3 0f b3 ca aa 66 bd fe 8e 5c 93 f7 26 7e 41 63 bc 6f 1b 01 5d 90 5f 90 6b f9 e1 da b5 70 3f 20 6b f2 99 ba d6 d0 b5 0a 7c 0f f8 4b 89 bf 02 3e 2d f1 af 47 1c c6 31 17 ef ee 6f 3e 82 e6 75 b8 9c 1a 67 d4 74 2d d8 ca b5 ca bd ea 93 88 c5 0b 32 0d 83 c1 0e 8c aa 3c f3 58 ca 61 cf a0 07 3d 0f 0c 23 0d fc aa b9 cc a6 3d b3 3a c1 a0 32 0d 16 45 c9 46 0a 16 67 10 7b 1e 7b 3b 6a 76 4d 63 13 fa 72 46 4d c7 34 66 3c 9c ce 64 01 03 c1 96 7c 92 08 9f 0b 6a 36 4c 63 4d cd cf 3d 63 d8 37 ee 7b c6 97 be f1 b5 67 9c f6 8d 5f b5 34 8d 
fa 1b a0 bd 20 93 c4 df 91 df 50 00 8e 34 ba b9 30 e6 b9 dd 01 a7 69 6f 25 e8 25 e9 40 52 98 a9 89 f7 00 29 92 24 4a 3c a6 83 0c 3d 38 c2 39 f0 c5 83 43 0b ff 1f e0 eb ff 6b 5e db 60 b4 45 3e 22 0c 03 ac f4 f5 84 32 72 06 fd 49 11 8e 73 13 63 bd ba 79 de 33 fb 0f 46 01 3f f4 cc fc 61 7f 84 39 10 83 4e 6e df 3c 51 3b 12 a3 fb 3c 6f 1b 3e 8d 8b ad 25 f9 fd 71 04 20 2d c3 0f 29 69 b4 c8 0e b5 48 07 61 fb a0 ca f3 03 d5 8b a7 23 5e d0 c2 e0 98 1d 75 9f 47 e1 9a 8b 66 3d 5d 08 32 cf 06 2c db d1 ae 59 4e bc 7d 9a 78 0b ce 70 ad 52 7f f9 a4 bf 2c f4 7d 4d ef d1 09 7e e1 84 c7 56 27 9e 0f ce 68 1b 53 1a 90 2c 8d 42 09 09 31 d0 29 78 82 a6 24 e2 f1 54 ce de d0 e6 61 b1 e9 c8 19 83 33 72 29 76 30 33 a4 c0 18 ee 3f 48 c8 3e 9f 6f ef 82 72 2e a5 35 47 c7 65 50 84 a5 02 9a 2a 4c 87 ef 16 32 aa 22 42 5f a7 1f fa 66 5c 30 c9 11 c6 64 ca e5 7d b8 04 08 3c 66 c0 d4 71 0a aa 33 72 57 a9 cc c8 d5 eb 57 Data Ascii: uVm63R1sDa5$wKa`0OoAeq7zZIvW+/fV'$Fl^xQ
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fbT4DtbpMhK5O2c&MD=5VEvDZTV HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fbT4DtbpMhK5O2c&MD=5VEvDZTV HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /pkrs/pkrda.js HTTP/1.1Host: www1.mpnrs.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www1.mpnrs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www1.mpnrs.com/pkrs/pkrda.jsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www1.mpnrs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www1.mpnrs.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: classification engine Classification label: clean0.win@14/8@6/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www1.mpnrs.com/pkrs/pkrda.js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1948,i,3674653001744306670,10407377831617541727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1948,i,3674653001744306670,10407377831617541727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk