Edit tour

Windows Analysis Report
https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmbnI9MSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG51&p=m&i=NjI3Mjc4OTk0MGU3YTAxM2U2ZWIxMDY3&t=RTdyMWVwN0l

Overview

General Information

Sample URL:	https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmb
Analysis ID:	1432118

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmbnI9MSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG51&p=m&i=NjI3Mjc4OTk0MGU3YTAxM2U2ZWIxMDY3&t=RTdyMWVwN0ltVWFjZ3cvWmVHNTRWVkd1STQwUzVVNzEveWYyR0FYYXVhMD0=&h=4ce9b067fcbf486e8f27561ce3d3058e&s=AVNPUEhUT0NFTkNSWVBUSVaS8c9jSpZcrH9uvMBTWALM8OUVCaCMDIwUwmubUWsN9g MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1896,i,4217535207556734444,15616684847690701236,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.17:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.17:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.10:443 -> 192.168.2.17:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.50.112.60:443 -> 192.168.2.17:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49795 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 29MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: us-west-2.protection.sophos.com
Source: global traffic	DNS traffic detected: DNS query: venmo.com
Source: global traffic	DNS traffic detected: DNS query: account.venmo.com
Source: global traffic	DNS traffic detected: DNS query: www.paypalobjects.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: jssdkcdns.mparticle.com
Source: global traffic	DNS traffic detected: DNS query: identity.mparticle.com
Source: global traffic	DNS traffic detected: DNS query: cdn.optimizely.com
Source: global traffic	DNS traffic detected: DNS query: c.paypal.com
Source: global traffic	DNS traffic detected: DNS query: www.paypal.com
Source: global traffic	DNS traffic detected: DNS query: c6.paypal.com
Source: global traffic	DNS traffic detected: DNS query: b.stats.paypal.com
Source: global traffic	DNS traffic detected: DNS query: t.paypal.com
Source: global traffic	DNS traffic detected: DNS query: lvs.stats.paypal.com
Source: global traffic	DNS traffic detected: DNS query: id.venmo.com
Source: global traffic	DNS traffic detected: DNS query: jssdks.mparticle.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.17:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.17:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.10:443 -> 192.168.2.17:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.50.112.60:443 -> 192.168.2.17:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49795 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/28@54/291

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmbnI9MSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG51&p=m&i=NjI3Mjc4OTk0MGU3YTAxM2U2ZWIxMDY3&t=RTdyMWVwN0ltVWFjZ3cvWmVHNTRWVkd1STQwUzVVNzEveWYyR0FYYXVhMD0=&h=4ce9b067fcbf486e8f27561ce3d3058e&s=AVNPUEhUT0NFTkNSWVBUSVaS8c9jSpZcrH9uvMBTWALM8OUVCaCMDIwUwmubUWsN9g
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1896,i,4217535207556734444,15616684847690701236,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1896,i,4217535207556734444,15616684847690701236,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmbnI9MSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG51&p=m&i=NjI3Mjc4OTk0MGU3YTAxM2U2ZWIxMDY3&t=RTdyMWVwN0ltVWFjZ3cvWmVHNTRWVkd1STQwUzVVNzEveWYyR0FYYXVhMD0=&h=4ce9b067fcbf486e8f27561ce3d3058e&s=AVNPUEhUT0NFTkNSWVBUSVaS8c9jSpZcrH9uvMBTWALM8OUVCaCMDIwUwmubUWsN9g	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
paypal.map.fastly.net	0%	Virustotal	Browse
dualstack.paypal-dynamic-2.map.fastly.net	0%	Virustotal	Browse
mparticle.map.fastly.net	0%	Virustotal	Browse
paypal-dynamic-2.map.fastly.net	0%	Virustotal	Browse
paypal-dynamic.map.fastly.net	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mparticle.map.fastly.net	151.101.130.133	true	false	0%, Virustotal, Browse	unknown
paypal.map.fastly.net	151.101.194.133	true	false	0%, Virustotal, Browse	unknown
dualstack.paypal-dynamic-2.map.fastly.net	151.101.65.35	true	false	0%, Virustotal, Browse	unknown
paypal-dynamic-2.map.fastly.net	151.101.1.35	true	false	0%, Virustotal, Browse	unknown
account.venmo.com	52.84.150.34	true	false		high
paypal-dynamic.map.fastly.net	151.101.193.21	true	false	0%, Virustotal, Browse	unknown
jssdks.mparticle.com	151.101.194.133	true	false		high
d2t07dpvw9bt1v.cloudfront.net	99.84.252.10	true	false		high
venmo.com	52.84.150.50	true	false		high
www.google.com	142.250.64.196	true	false		high
jssdkcdns.mparticle.com	151.101.66.133	true	false		high
stats.glb.paypal.com	35.235.122.5	true	false		high
lvs.stats.paypal.com	35.235.122.5	true	false		high
c.paypal.com	unknown	unknown	false		high
us-west-2.protection.sophos.com	unknown	unknown	false		high
c6.paypal.com	unknown	unknown	false		high
b.stats.paypal.com	unknown	unknown	false		high
id.venmo.com	unknown	unknown	false		high
www.paypal.com	unknown	unknown	false		high
cdn.optimizely.com	unknown	unknown	false		high
identity.mparticle.com	unknown	unknown	false		high
t.paypal.com	unknown	unknown	false		high
www.paypalobjects.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.130.133	mparticle.map.fastly.net	United States	54113	FASTLYUS	false
52.84.150.50	venmo.com	United States	16509	AMAZON-02US	false
151.101.1.35	paypal-dynamic-2.map.fastly.net	United States	54113	FASTLYUS	false
142.250.217.238	unknown	United States	15169	GOOGLEUS	false
142.250.64.232	unknown	United States	15169	GOOGLEUS	false
35.235.122.5	stats.glb.paypal.com	United States	15169	GOOGLEUS	false
151.101.65.35	dualstack.paypal-dynamic-2.map.fastly.net	United States	54113	FASTLYUS	false
151.101.129.35	unknown	United States	54113	FASTLYUS	false
142.251.35.238	unknown	United States	15169	GOOGLEUS	false
99.84.252.10	d2t07dpvw9bt1v.cloudfront.net	United States	16509	AMAZON-02US	false
172.217.3.67	unknown	United States	15169	GOOGLEUS	false
151.101.66.133	jssdkcdns.mparticle.com	United States	54113	FASTLYUS	false
151.101.194.133	paypal.map.fastly.net	United States	54113	FASTLYUS	false
151.101.193.21	paypal-dynamic.map.fastly.net	United States	54113	FASTLYUS	false
192.178.50.67	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
23.37.16.196	unknown	United States	9299	IPG-AS-APPhilippineLongDistanceTelephoneCompanyPH	false
142.250.217.206	unknown	United States	15169	GOOGLEUS	false
151.101.1.21	unknown	United States	54113	FASTLYUS	false
108.177.11.84	unknown	United States	15169	GOOGLEUS	false
52.84.150.58	unknown	United States	16509	AMAZON-02US	false
52.84.150.34	account.venmo.com	United States	16509	AMAZON-02US	false
142.250.64.196	www.google.com	United States	15169	GOOGLEUS	false
142.250.217.174	unknown	United States	15169	GOOGLEUS	false
151.101.129.21	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
184.84.136.157	unknown	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432118
Start date and time:	2024-04-26 14:22:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmbnI9MSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG51&p=m&i=NjI3Mjc4OTk0MGU3YTAxM2U2ZWIxMDY3&t=RTdyMWVwN0ltVWFjZ3cvWmVHNTRWVkd1STQwUzVVNzEveWYyR0FYYXVhMD0=&h=4ce9b067fcbf486e8f27561ce3d3058e&s=AVNPUEhUT0NFTkNSWVBUSVaS8c9jSpZcrH9uvMBTWALM8OUVCaCMDIwUwmubUWsN9g
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/28@54/291

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 192.178.50.67, 108.177.11.84, 142.250.217.174, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.988557406147516
Encrypted:	false
SSDEEP:
MD5:	510F4B906112460DE37F561630FC99E5
SHA1:	C5D8821DA272C746BBFB29845AD6DD858BDAF07C
SHA-256:	7B868A37CAF8E10CBCBFD91AB708EBAF5DAC1DC9DD6F3CC214F9CB7AB5C34DAB
SHA-512:	499A54CAF84927C42D07CA2F31DA09610A42ABAEBAB1020FB0C59D361534C125400C373FD25D711E0FBB3D9D3CA2614927291B632FC12DA36499D7300B9864D6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....2.a........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.b....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.b....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.b...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.b...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>9.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.006803092017529
Encrypted:	false
SSDEEP:
MD5:	59EC3024B46CFF2BEB2DE8F89E96672D
SHA1:	30879FCC3DA8359AC6DC74706B6D1CE3B1AD5BE5
SHA-256:	EB03679045C98B319649E437A9F4922F7706E967EE1560EBFD8613E6B562193F
SHA-512:	C970207F1507279880FAA8BC2442E362364FE2BC12E7A92D75746F9EF9C0BB89797120A927558CBCE40BAED1E4F2441F8A594AC20B347EE43AD87C49CA2B126A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....z.S........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.b....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.b....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.b...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.b...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>9.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.013700231572502
Encrypted:	false
SSDEEP:
MD5:	EF30A6430FA0FC0B4F5D6C469BC3230F
SHA1:	1D2F2A331EE512A613F6543566A97759E5C0B631
SHA-256:	C2358AC6673EA7E2D1F7B2DD64FEFF324B99EEFD358720DFCC2CC61BB6B90733
SHA-512:	7F309D72F3EB25172FE0CA3EF7B8E656CF3FEEF252A135A876358194B8E60AAB18429AC841DBFF93DBDC1A540C19F8BB5D77432B6235E4EFC540D10D35B1FF05
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.b....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.b....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.b...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>9.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.005855504648166
Encrypted:	false
SSDEEP:
MD5:	750C335E79E8ABCD8085064B2436C16C
SHA1:	61726E90517F34E6919AC9C01A482E20400550ED
SHA-256:	66B7C00DEC186225483090B679835EBAAD9F71139E880151F26B8402CB34E5C2
SHA-512:	F4CF69B0F9254FACFF53FB6255CB29B7F86A671B3BFB01188E60EA12ECAB78BFA8F766D7DEA2E31F1B90CF841050B9DB19AA9A6E310706D57C9EE1F2D5F9A094
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......M........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.b....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.b....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.b...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.b...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>9.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9955551461348358
Encrypted:	false
SSDEEP:
MD5:	3C6414189DCAFA8C4C2B66FFB7858CBA
SHA1:	860CE87B1A33CAFEDE97880ADEF0B1E984A4F0B2
SHA-256:	6CB152EDF80A3DAB282E8827C18CCE13FA2436A32809DB1F7BACAAFB63156CD6
SHA-512:	2034830C61E43C39886644E3F3465F1948B9F92B433B95F2296C584CB684536679C4E37E6D82D70822F1EA7BBC27A486753AD49C462A46AE1991083FCEC58DC3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....f.Z........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.b....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.b....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.b...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.b...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>9.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.0083201403134705
Encrypted:	false
SSDEEP:
MD5:	6790A56E92CCEA103C50B97C34E0C03F
SHA1:	D8730AFC9DE6EE99A2921DAA94C41A0F8458A8CC
SHA-256:	6EF69E7A13AF42C3EB9B91E16DEB087D7E4D52C61019EEF465809D8E7AEF30B5
SHA-512:	E3BBFE49F69FA09B343EB343A50B2EEDA44571968465A2E30E590FE9FA4FEEBF0F4E68D1A18FBA3C01EA35B598FC0475C9287B850104C150775A3A6CEBE7F793
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......C........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.b....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.b....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.b...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.b...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>9.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (949)
Category:	downloaded
Size (bytes):	1321651
Entropy (8bit):	5.245235748662314
Encrypted:	false
SSDEEP:
MD5:	BB949FBFF809E012431A4D973F485663
SHA1:	4A65C8B167A60C1DFA239D12B83F2113F7DD5CE0
SHA-256:	E8AC132CC09DF55E9FBAC5921CC5817BF204D150653B381802DD31A89FC86A99
SHA-512:	A379B4927CDDC9514AEE3C3B5776361EBAFF01CE793BF6DB98865254D0755C25C16BE0A47C9293315BAE9A400252579552762129A3D0C4D695D6A2BA068EE9AD
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/chunks/pages/index-33aaf4f439c82a26.js
Preview:	(self["webpackChunk_N_E"] = self["webpackChunk_N_E"] \|\| []).push([[5405],{../*/ 23983:.// (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {.."use strict";.// ESM COMPAT FLAG.__webpack_require__.r(__webpack_exports__);..// EXPORTS.__webpack_require__.d(__webpack_exports__, {. "default": function() { return / binding */ index_esm; }.});..;// CONCATENATED MODULE: ./node_modules/date-fns/esm/_lib/toInteger/index.js.function toInteger(dirtyNumber) {. if (dirtyNumber === null \|\| dirtyNumber === true \|\| dirtyNumber === false) {. return NaN;. }. var number = Number(dirtyNumber);. if (isNaN(number)) {. return number;. }. return number < 0 ? Math.ceil(number) : Math.floor(number);.}.// EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/esm/typeof.js.var esm_typeof = __webpack_require__(71002);.;// CONCATENATED MODULE: ./node_modules/date-fns/esm/_lib/requiredArgs/index.js.function requiredArgs(required, args) {. if (args.length < required) {.

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (63869)
Category:	downloaded
Size (bytes):	180956
Entropy (8bit):	5.2051203103374695
Encrypted:	false
SSDEEP:
MD5:	8C15583A4A43453584F560A54AD69AC5
SHA1:	EE1F186FBBA965DFBAD41B3D25DAB20C7C29008B
SHA-256:	E69E6074B3E838A4BBEB4A20F2A96E77BE67703EA606415AEDEE2FA073B634C4
SHA-512:	FA6C9706346A3BCA0946CFE2F30FE4A8CD590F76B825676C9C2705E47E049538E643B53355A86F0243F57464B7BFBAEFB1B13ED6469AA4AFED9BE1FBDB81543F
Malicious:	false
Reputation:	unknown
URL:	https://jssdkcdns.mparticle.com/js/v2/40433222e815b743853a4bb6b7a86058/mparticle.js?env=0
Preview:	//.// Copyright 2019 mParticle, Inc..//.// Licensed under the Apache License, Version 2.0 (the "License");.// you may not use this file except in compliance with the License..// You may obtain a copy of the License at.//.// http://www.apache.org/licenses/LICENSE-2.0.//.// Unless required by applicable law or agreed to in writing, software.// distributed under the License is distributed on an "AS IS" BASIS,.// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..// See the License for the specific language governing permissions and.// limitations under the License..//.// Uses portions of code from jQuery.// jQuery v1.10.2 \| (c) 2005, 2013 jQuery Foundation, Inc. \| jquery.org/license..window.mParticle = window.mParticle \|\| {};;.window.mParticle.config = window.mParticle.config \|\| {};;.window.mParticle.config.serviceUrl = 'jssdk.mparticle.com/v2/JS/';;.window.mParticle.config.secureServiceUrl = 'jssdks.mparticle.com/v2/JS/';;.window.mParticle.config.app

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	42
Entropy (8bit):	3.122714743434665
Encrypted:	false
SSDEEP:
MD5:	ACCBA0B69F352B4C9440F05891B015C5
SHA1:	9D01CC5DC8E042C0D4AD6CFB8B3AC38E84A5EF9F
SHA-256:	47043E4823A6C21A8881DE789B4185355330B5804629D23F6B43DD93F5265292
SHA-512:	D3C4A5427BF645CC226106B0E8C28A76B0B91F50FA6D77E962A3B59B85BE2A0CFDB94EC0F40742F10C18025573D8FBFADECDDF60F4652BAE671F6031C02A7CB5
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.............!.......,........@..D.;

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (38457)
Category:	downloaded
Size (bytes):	38486
Entropy (8bit):	5.345618194155939
Encrypted:	false
SSDEEP:
MD5:	3867690CF65CF9B04E72472455F34CF9
SHA1:	6972D67129AB146E710023E97F8343DFF85AFC83
SHA-256:	A70DAA1ECB6FDD37C71466675790D54B8BB70227CD2E397DB7EBCDE9D1432FB9
SHA-512:	2A5C2744617662E27C602FCF9295D4CB19F85B27F7DB09FBB136B0E7F7F456D6A22B3A2A74E8F07306A767DB8FAA3FB30C4E1F39246FF56A4C18A8068DA85812
Malicious:	false
Reputation:	unknown
URL:	https://www.paypalobjects.com/pa/js/pa_venmo.js
Preview:	/@ 2024 PayPal (v1.8.16) /.!function(){"use strict";var R="venmo";function o(){return(new Date).getTime()}function m(t){return Math.round(parseFloat(t))\|\|0}function a(t){if(!t\|\|t.constructor!==Object&&t.constructor!==Array)return t;var e,n=t.constructor();for(e in t)n[e]=a(t[e]);return n}function c(t,e,n){for(var r in void 0===n&&(n=!0),t=t\|\|{},e=e\|\|{})"undefined"!=typeof e[r]&&(n\|\|!n&&"undefined"==typeof t[r])&&(t[r]=e[r]);return t}function q(t,e){e=e\|\|{};var n,r=a(t=t\|\|{});for(n in e)try{e[n].constructor===Object&&r[n]&&r[n].constructor===Object?r[n]=q(r[n],e[n]):r[n]=e[n]}catch(i){r[n]=e[n]}return r}function u(){var i,a=window.crypto\|\|window.msCrypto;return(i=function i(){var t,e=2147483647;try{var n=new Uint32Array(1);a.getRandomValues(n),t=n[0]&e}catch(r){t=Math.round(e*Math.random())}return t.toString(16)})()+i()}window.PAYPAL=window.PAYPAL\|\|{},window.fpti=window.fpti\|\|{},window.fptiserverurl=window.fptiserverurl\|\|"https://t.paypal.com/ts";var F,e=function e(){},U=function U(){

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	646
Entropy (8bit):	4.768262924160781
Encrypted:	false
SSDEEP:
MD5:	F95326881ACA6EE557D3D5D8A669A8B5
SHA1:	BFBB8C936C2556086BBAF75F76B6B4AC5248F2A9
SHA-256:	A5FBBC45491760741144B2D841B6CFC6A44719B155039C439AD74338B2F4346E
SHA-512:	02A75BC89367BA6D3DC6A46434E8D50A1751A7CFBFCE9FE7E3C936A3B7992BA53007483F425FB65564E1165EF888AD9F506A1B93B626949AB798FE48B2710F15
Malicious:	false
Reputation:	unknown
URL:	https://www.paypalobjects.com/ncs/venmo/mapping.js
Preview:	(function(){. if(window){. window.cookiemapping = {. "venmo":{. "isClientCookies": true,. "filterAPI": "",. "essential":["cookie_prefs","tsrce","ts","ts_c","x-pp-s","l7_az","LANG","enforce_policy","tenant_ts","v_id","KHcl0EuY7AKSMgfvHl7J5E7hPtK","TLTSID","_csrf","api_access_token","w_fc"],. "functional":["amp_8f6a82","_dd_s","login_email"],. "performance":["sc_f"],. "marketing":["_gat_contentPageTracker","_gid","_ga","_gat","_ga_9EEMPVZPSW","_gat_gtag_UA_15492939_15","_gat_gtag_UA_15492939_14"]. }. }. }.})();

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	704343
Entropy (8bit):	5.0532185398015566
Encrypted:	false
SSDEEP:
MD5:	76538B7BF4E06AC0EDBAE9D664B5AFD1
SHA1:	0FE395FA5D13A1FD867EB1E6BE152B8EE3431DDF
SHA-256:	04DA9656E4EF637A466F9A1F4C9B3465F0A742190E062B356E3ED2339BA5DDDD
SHA-512:	C3E66BCB7C3A339FC83D251E91DD1BF560E03DFEA19899E050C937D4531E4EEB6FD68B7A3EE00286040352AEAF519CB0FB286CE983DCA5BA6179C51628DA6698
Malicious:	false
Reputation:	unknown
URL:	https://cdn.optimizely.com/datafiles/XEQMPVUNK7sdt5H4mJXAQ.json
Preview:	{"accountId":"17574920715","projectId":"17574920715","revision":"12494","attributes":[{"id":"18157315162","key":"device_name"},{"id":"18164490425","key":"device_os"},{"id":"18175701833","key":"os_version"},{"id":"18222852632","key":"identity_has_submitted"},{"id":"18236841636","key":"is_blocked"},{"id":"18238852342","key":"cip_status"},{"id":"18242491672","key":"needs_verification"},{"id":"18244572215","key":"is_group"},{"id":"18244801617","key":"is_active"},{"id":"18244872354","key":"available_instant_transfer_capabilities"},{"id":"18249981645","key":"is_limited_account"},{"id":"18250251116","key":"is_web_authorized"},{"id":"18252761666","key":"identity_type"},{"id":"18254440426","key":"is_balance_upgrade_user"},{"id":"18259381627","key":"is_suspended_for_disputes"},{"id":"18259672092","key":"is_venmo_team"},{"id":"18262190830","key":"is_goods_services_limited"},{"id":"18265142697","key":"is_indebted"},{"id":"18269021962","key":"friends_count"},{"id":"18269181752","key":"automatic_tra

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4559)
Category:	dropped
Size (bytes):	42933
Entropy (8bit):	5.231470427715636
Encrypted:	false
SSDEEP:
MD5:	F436A7577063FA3DE7C4DA91B1098377
SHA1:	3F0F986B1218B6BF06E0B0C5D35BE5EBBEA42FFF
SHA-256:	7B3DC2FE8CE9887A750BCEAB72DDB8EAA2DB8EF82B25DF6C72B0628206E15FD1
SHA-512:	DE38F34A96CB4DB9A368F8A01DB2B2576E8B34E6E03FA08F9F302C0E9461EC8FA219D380364432CB444A578B5215A8340966A6A3F09BFD74AD7B19C444A5180D
Malicious:	false
Reputation:	unknown
Preview:	@font-face{font-family:"Scto Grotesk A";font-style:normal;font-weight:400;src:local("Scto Grotesk A"),url("/static/fonts/Scto-Grotesk-A-Regular.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Italic";font-style:italic;font-weight:400;src:local("Scto Grotesk A Italic"),url("/static/fonts/Scto-Grotesk-A-Regular-Italic.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Medium";font-style:normal;font-weight:500;src:local("Scto Grotesk A Medium"),url("/static/fonts/Scto-Grotesk-A-Medium.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Bold";font-style:normal;font-weight:700;src:local("Scto Grotesk A Bold"),url("/static/fonts/Scto-Grotesk-A-Bold.woff") format("woff")}@font-face{font-family:"Athletics Regular";font-style:normal;font-weight:400;src:local("Athletics"),url("/static/fonts/Athletics-Regular.woff") format("woff")}@font-face{font-family:"Athletics Medium";font-style:normal;font-weight:500;src:local("Athletics"),url("/static/fonts/Athletics-Medium.w

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (4450)
Category:	downloaded
Size (bytes):	48144
Entropy (8bit):	5.286851403246729
Encrypted:	false
SSDEEP:
MD5:	F9E2C1C1A5C489B8F9DDE34DE4A11B7A
SHA1:	5FB687488956C6E783C5732389EFDA7D9E60C71D
SHA-256:	5055DBDA3413C24C4343563770493B6AC16B5B4417B298197F51F60D1C5BF091
SHA-512:	84F1408D9AA9DDA8052F7BFA1EF88079593128492DCFE2E6493B78BE01C18D516B5E6557EE112A0A4551C90903D8F9DC6DAD1238991FB679EAA0B902BB8380EF
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/css/7ce57f390c40a916.css
Preview:	@font-face{font-family:"Scto Grotesk A";font-style:normal;font-weight:400;src:local("Scto Grotesk A"),url("/static/fonts/Scto-Grotesk-A-Regular.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Italic";font-style:italic;font-weight:400;src:local("Scto Grotesk A Italic"),url("/static/fonts/Scto-Grotesk-A-Regular-Italic.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Medium";font-style:normal;font-weight:500;src:local("Scto Grotesk A Medium"),url("/static/fonts/Scto-Grotesk-A-Medium.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Bold";font-style:normal;font-weight:700;src:local("Scto Grotesk A Bold"),url("/static/fonts/Scto-Grotesk-A-Bold.woff") format("woff")}@font-face{font-family:"Athletics Regular";font-style:normal;font-weight:400;src:local("Athletics"),url("/static/fonts/Athletics-Regular.woff") format("woff")}@font-face{font-family:"Athletics Medium";font-style:normal;font-weight:500;src:local("Athletics"),url("/static/fonts/Athletics-Medium.w

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5762)
Category:	downloaded
Size (bytes):	10283
Entropy (8bit):	5.35566149591199
Encrypted:	false
SSDEEP:
MD5:	37AADB605A5073402B4D4348108821FC
SHA1:	D6A53322D1CE7C096A16907CC42D623507A6DFE7
SHA-256:	C00273097FCC653A04461C4BAF69C033C96DD9098C77AF0A3BE8E4F96EEDCC04
SHA-512:	733E56E9FEC8C0D2526FB8B4F6C43810BD5C1EB7089414BF67DB95051448BFC5A366B2EAA18B1967361DF5CBED80DBC066EA3E8A41B4488970CCCB2FFED72C86
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/css/6c9663029f270459.css
Preview:	@font-face{font-family:"Scto Grotesk A";font-style:normal;font-weight:400;src:local("Scto Grotesk A"),url("/static/fonts/Scto-Grotesk-A-Regular.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Italic";font-style:italic;font-weight:400;src:local("Scto Grotesk A Italic"),url("/static/fonts/Scto-Grotesk-A-Regular-Italic.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Medium";font-style:normal;font-weight:500;src:local("Scto Grotesk A Medium"),url("/static/fonts/Scto-Grotesk-A-Medium.woff") format("woff")}@font-face{font-family:"Scto Grotesk A Bold";font-style:normal;font-weight:700;src:local("Scto Grotesk A Bold"),url("/static/fonts/Scto-Grotesk-A-Bold.woff") format("woff")}@font-face{font-family:"Athletics Regular";font-style:normal;font-weight:400;src:local("Athletics"),url("/static/fonts/Athletics-Regular.woff") format("woff")}@font-face{font-family:"Athletics Medium";font-style:normal;font-weight:500;src:local("Athletics"),url("/static/fonts/Athletics-Medium.w

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4179)
Category:	downloaded
Size (bytes):	203018
Entropy (8bit):	5.54183263300919
Encrypted:	false
SSDEEP:
MD5:	CFE352A1B01DCDB79125FEFDB5704CBD
SHA1:	D96020F449DD600D743FD641D2449CF021F4AFBD
SHA-256:	5F4D5AF7FEDB938E714BC4485E0EC22AFCB5F690BD674A4634D40ADE0CD1201E
SHA-512:	A5582F06F034236A15718EFD2BE4E963A9E7BA6F13FB3E1CE5553E08C077A0D8A36009631D5F604BC0CCDCB7C779834BBE6A0E1FE7FE944AA1E7885B2D69A3B9
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=UA-15492939-15&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"","vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__c

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	downloaded
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
Reputation:	unknown
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4179)
Category:	downloaded
Size (bytes):	278368
Entropy (8bit):	5.565192079650723
Encrypted:	false
SSDEEP:
MD5:	BFC361530DBA64EB326EA8A1ABA5FA05
SHA1:	7DBD1BC74EFAD2F558925EDE6C2651966453CD7C
SHA-256:	54B5012EC2E5E9BE5DDACF97AEBAB981D62915B48558E74D911EDD86B198167A
SHA-512:	50B5BBA3828B5102971A3DC8037C732C07AE3784278FEB532EB5A41087A57B274344D55D6BE16986BD92AB7906B6F7ED5DCD8C62F8E0903AB07A3A86A8025D1C
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-9EEMPVZPSW
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_dma","priority":11,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":105},{"function":"__ogt_1p_data_v2","priority":11,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (461)
Category:	downloaded
Size (bytes):	4618992
Entropy (8bit):	5.319670039207031
Encrypted:	false
SSDEEP:
MD5:	CA89A6EBA361A01B47C6FD3283A76A03
SHA1:	6EFD22AB0D4BD4C801A062A60135C5C524B34EF0
SHA-256:	EA6951F25B736EFF00E9D62AB99414EA0956F4350389337EC2DFE8C0284D72EA
SHA-512:	E9B8A3CC4EB05CB05BE149C379C028612849DB7A802B70FF5BD8E77FBFD382065C7BAD4BDF537D19FD4F62C33A31597732E488097FD90CC5764A9F592E564032
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/chunks/pages/_app-0a560d71483f9f85.js
Preview:	(self["webpackChunk_N_E"] = self["webpackChunk_N_E"] \|\| []).push([[2888],{../*/ 83974:.// (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {.."use strict";./ harmony export / __webpack_require__.d(__webpack_exports__, {./ harmony export / "QS": function() { return / binding / makeVar; },./ harmony export / "_v": function() { return / binding / recallCache; },./ harmony export / "ab": function() { return / binding / cacheSlot; },./ harmony export / "li": function() { return / binding / forgetCache; }./ harmony export / });./ harmony import / var optimism__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(95039);./ harmony import / var _wry_context__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(38751);...var cacheSlot = new _wry_context__WEBPACK_IMPORTED_MODULE_1__/ .Slot */ .g7();.var cacheInfoMap = new WeakMap();.function getCacheInfo(cache) {. var info = cacheInfoMap.get(cache);. if (!info) {. cacheInfo

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (36413), with no line terminators
Category:	downloaded
Size (bytes):	36413
Entropy (8bit):	4.990076726898436
Encrypted:	false
SSDEEP:
MD5:	C49C6FA73F057CE06A4316A972F1C2D8
SHA1:	B6FA8F33CD86D1495ADF8EA73898A94BD09B193A
SHA-256:	8B340B5D80A2189043370D26C3FD88767FE0E237BA13E60CDB3BAC0C22E87474
SHA-512:	8E567CDBDF87306315E0D655CC41DEB76412BBB4B611E6046D5F4F895936AC0A3EF1E7BC44DAF560C0B5F69D8D88E121C26D963D3422B997FFEA836E58F253B1
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/KayRtQ_1ym5_-NM6DR61r/_buildManifest.js
Preview:	self.__BUILD_MANIFEST = (function(a,b,c,d,e,f,g,h,i,j){return {__rewrites:{beforeFiles:[{source:"\u002F:nextInternalLocale(en)\u002Fsignup",destination:"\u002F:nextInternalLocale\u002Fsignup\u002Flogged-in-sign-up",has:[{type:"cookie",key:"api_access_token"}]},{source:e,destination:c}],afterFiles:[{source:"\u002F:nextInternalLocale(en)\u002Fincentives",destination:"\u002F:nextInternalLocale"},{source:"\u002F:nextInternalLocale(en)\u002Faccount\u002Fpassword-reset",destination:"\u002F:nextInternalLocale\u002Fpassword-reset"},{source:"\u002F:nextInternalLocale(en)\u002Faccount\u002Fpassword-new",destination:"\u002F:nextInternalLocale\u002Fpassword-new"},{source:"\u002F:nextInternalLocale(en)\u002Forganization-accounts\u002Fsign-in",destination:d},{source:"\u002F:nextInternalLocale(en)\u002Fgroups\u002Fsign-in",destination:d},{source:"\u002F:nextInternalLocale(en)\u002Fwebviews\u002Fsettings\u002Ftaxdocuments",destination:"\u002F:nextInternalLocale\u002Fsettings\u002Ftax-document"},{sourc

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), CFF, length 25368, version 1.6553
Category:	downloaded
Size (bytes):	25368
Entropy (8bit):	7.991291328114976
Encrypted:	true
SSDEEP:
MD5:	186B9E5BE0671C3C941A2A4966BEB47A
SHA1:	0255BF2F48460EB212C93242740F5BEF01E858C4
SHA-256:	1F70FF447ED799A34F4C3AE37EF1F49ED4AF71123BA2C2AEFE354565354284BE
SHA-512:	800337FFE081FABAC76979140A60C8A8CFCC1B6B0DEA559E444904ACC9CBD34F066168A658AFB7348F3DD7F621AC7444A91773E3B3EC68BFE23AE8F78ADE622B
Malicious:	false
Reputation:	unknown
URL:	https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2
Preview:	wOF2OTTO..c........L..b..............................R..L....`....6.$......... .r.....`..m...uP.h...'.....AP........%....k......%.G.CL.$.V..)C.Zp...C...O...W.;<..\|..u....0.h.J..]m..50c....R.#....fn4.Eg...11.:HmO..7....Y3.........D.. ...n.."..g.?$)..?.~.[....1I...h.,e..S`.......s.K..$...P....L`bj_..f...x....lA....{j.Q..r....8...76]3...R.YY6.5.vc.].Z............9.I.5rr..Cf...N.Q0.b..Kkh..f......P.....#..h.L.%....6.f..v........4+..(.V..X.h..%..1.{..t.,.i.StD.C.A..s.x...8g...d.8.Y.: ~@.o..W...i.f.~M..t..jj?.7... ...q#b.Q.!............`....9.t1..j.B1.O..;...@K.x...b.X.....r..{....E.+....dE<.1[.9q"h..........~g..0.6...HBi......\|.\|.<Q ...qmK..BE4....5..... ...@a...P.B..l.\|.?..Q.U.~kM....C..;.]....._.~.oA.9.(G8..r...sYj...@aIi,..Y.t......g.8%.u..rS.....o.K:...@9.Qr.T:..;.]JE.....k..E.V....:..{....,_....y-.o..x.(?2J+0....r.t\TX..K...*u.6E..>...f..V..#.a..v~....$.CGh...:.u..r.Z4..eI.A.....y.~x!9`I..Q.....{s....=.!.%...V.AD.J........y.:uI.....VP.m;}Evy

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	135
Entropy (8bit):	5.077581773106507
Encrypted:	false
SSDEEP:
MD5:	E2A244D69BD948F5AA1E6AABCE97E635
SHA1:	15C84419D83DA9B0F33989D85CDCB0138EC469E2
SHA-256:	94F95366B3F5664D687C03C7E150B70AD8DA3222FA4554303224C5B1530BEC1F
SHA-512:	13BC5A629C3BA6695BF99416A81B230BF826A2274FB09A8FCD3E99F27BE619591E2A0D4BDC399F8CA1AC9AA736F69C78BD4C884499211E98F3293F5225C8B65D
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/KayRtQ_1ym5_-NM6DR61r/_ssgManifest.js
Preview:	self.__SSG_MANIFEST=new Set(["\u002Fwebviews","\u002F404","\u002Flogin-return-error"]);self.__SSG_MANIFEST_CB&&self.__SSG_MANIFEST_CB()

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (318)
Category:	downloaded
Size (bytes):	9894
Entropy (8bit):	4.981124226726379
Encrypted:	false
SSDEEP:
MD5:	3AD1FA5B0F1C4A72D44414C819B16620
SHA1:	A15A051F27E9F6DEA5666D845227E6FAC541CCE1
SHA-256:	EB76C0E09E9360F7A76D746D302F5FFE738AB07C19E52733C96568A704B3F5DD
SHA-512:	807EBEE97234389E055E64AD4995F166AF28370773BEBAD3D959E75A95ABA51209E460AC51D4D56E55D988863C8948518F3CBF6DB457C1017A493DE6CEAE1F15
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/chunks/9744.04c9c3ae7494be82.js
Preview:	"use strict";.(self["webpackChunk_N_E"] = self["webpackChunk_N_E"] \|\| []).push([[9744],{../*/ 59744:.// (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {..__webpack_require__.r(__webpack_exports__);./ harmony import / var react__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(67294);./ harmony import / var _hooks_useMParticle__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(58470);...var MParticle = function(param) {. var profile = param.profile;. var ref = (0,_hooks_useMParticle__WEBPACK_IMPORTED_MODULE_1__/ .useMParticle / .R)(), login = ref.login, getCurrentUser = ref.getCurrentUser;. /. Every time the APIs are invoked, the SDK will immediately upload an HTTP request.. * Because of this, these APIs must only be invoked when the user actually logs in, logs out, or otherwise changes state.. * A common mistake is to call an API such as identify or login on every page load - this is not necessary and will result in high netw

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (844)
Category:	downloaded
Size (bytes):	487736
Entropy (8bit):	4.941429396572523
Encrypted:	false
SSDEEP:
MD5:	FC23723EC305F9E4751AFC58788A4D65
SHA1:	1260BE3CEC21DD05C92FAFFD93B426E473871D49
SHA-256:	3F695DBDA1C4CD16F1EAAD764AF783B68AA0D0341E95FD2F9FA8044548E56690
SHA-512:	1F14BC29CC575A43808C889517659EDFAB21FE02E6F0F6CE14EAD13657DF03211677F90312D65B6B13B175EAD0B19493CE0EE03A83A09BC1C1F9E572DC513FAF
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/chunks/main-6922df91ee43af36.js
Preview:	/****/ (function() { // webpackBootstrap./**/ .var __webpack_modules__ = ({..// 96086:.// (function(module) {.."use strict";..var assign = Object.assign.bind(Object);.module.exports = assign;.module.exports["default"] = module.exports;..//# sourceMappingURL=object-assign.js.map..// }),..// 40037:.// (function() {.."trimStart"in String.prototype\|\|(String.prototype.trimStart=String.prototype.trimLeft),"trimEnd"in String.prototype\|\|(String.prototype.trimEnd=String.prototype.trimRight),"description"in Symbol.prototype\|\|Object.defineProperty(Symbol.prototype,"description",{configurable:!0,get:function(){var t=/$(.)$/.exec(this.toString());return t?t[1]:void 0}}),Array.prototype.flat\|\|(Array.prototype.flat=function(t,r){return r=this.concat.apply([],this),t>1&&r.some(Array.isArray)?r.flat(t-1):r},Array.prototype.flatMap=function(t,r){return this.map(t,r).flat()}),Promise.prototype.finally\|\|(Promise.prototype.finally=function(t){if("function"!=typeof t)return this.then

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15682)
Category:	downloaded
Size (bytes):	285078
Entropy (8bit):	5.6031042959124
Encrypted:	false
SSDEEP:
MD5:	CF41C5FE4E6A62FFDEEBBDDFA7D2B31F
SHA1:	BD1E5481A6F37D0D0DA3F4CEFC0E0FE466390108
SHA-256:	ACE6EC7F9C0A5226393D6961425B6D63D580B3827DCCDD69193FEE1F61242A76
SHA-512:	45C6CA39DADC96D5422898F249F3D7D1F94A5948ECE270A903499B18A4089A55439119742808EE6302A08C8ECF37B265825DF8066D51321A01795A6A6E98DC5E
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-ZCV327BG16&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":2,"function":"__c","vtp_value":2},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"function":"__c","vtp_value":false},{"vtp_signal":2,"function":"__c","vtp_value":2},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":21,"vtp_value":true,"tag_id":18},{"function":"__ogt_ip_mark","priority":21,"vtp_instanceOrder":0,"vtp_paramValue":"internal","vtp_ruleResult":["macro",4],"vtp_enableIpRegex":true,"tag_id":20},{"function":"__ogt_referral_exclusion","priority":21,"vtp_includeConditions":["list","venmo\\.com"],"tag_id":21},{"function":"__ogt_session_timeout","priority":21,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":22},{"function":"__ogt_dma","priority":21,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":23},{"function":"__ogt_1

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	14920
Entropy (8bit):	4.878065921497952
Encrypted:	false
SSDEEP:
MD5:	13BCEEEAF84DF39CC5FBBDDF19B3D3FB
SHA1:	499E4B12C5B8F8DBFA0A73B46E996817545F4AD4
SHA-256:	4673C229C2C1D356B98C232C599AFDB44C85E7279C63C3EF962B4BA677378BA9
SHA-512:	C366932331DD195CD9A856F71751107774CA214A0A53FB72B6E49B4A0705D10A43A7B6E9B8F187DDA37D9F894B03C84A430106408C490B2B05125B3865606ED6
Malicious:	false
Reputation:	unknown
URL:	https://www.paypalobjects.com/ncs/ncs.js
Preview:	(function ncs(window) {. const getCookiePref = (cookiePrefsString) => {. let cookiePrefsValueString;. let match = document.cookie.match(new RegExp('(^\| )' + (cookiePrefsString \|\| 'cookie_prefs') + '=([^;]+)'));. if (match) { cookiePrefsValueString = match[2]; }. return cookiePrefsValueString. }.. const getCookiePrefValue = (cookiePrefsString) => {. const cookiePrefsValueString = getCookiePref(cookiePrefsString). cookiePrefsValue = cookiePrefsValueString &&. decodeURIComponent(cookiePrefsValueString) &&. decodeURIComponent(cookiePrefsValueString).split(',').reduce((acc, val) => {. const [k, v] = val.split('=');. if (k && v) { acc[k] = v; }. return acc;. }, {});. return cookiePrefsValue;. }.. const serverSideCookieFiltering = (cookieList, filterAPI) => {. const xhr = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP');. xhr.open('POST', filterAPI, true);. const data = {. cookieLi

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (353), with no line terminators
Category:	downloaded
Size (bytes):	353
Entropy (8bit):	5.273066239437083
Encrypted:	false
SSDEEP:
MD5:	93BE6D757F28230900FD2FFB4091E349
SHA1:	98FE6DA7DBB0EAC7B1D05D12C7257F99758543AB
SHA-256:	D0675FEF3CE35AD654F94CC2B675DE2729BD86874EC0A912FEC89575700513C5
SHA-512:	876E28AA82F5A156EA605E1F1996C26DD3C181B49CA23190FF4C92F4DBC4FCD0450D4F86086FB4B52EAD7E781865CC1464B8A6B3364186EDFB972A5569065CC6
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/KayRtQ_1ym5_-NM6DR61r/_middlewareManifest.js
Preview:	self.__MIDDLEWARE_MANIFEST=(function(a){return [["\u002F",a],["\u002Faccount",a],["\u002Fcharity\u002Fdonate",a],["\u002Fcreditcard",a],["\u002Fdownload-app",a],["\u002Fpayment-link",a],["\u002Fsettings\u002Fpayment-methods",a],["\u002Fstory",a],["\u002Fu",a],["\u002Fwebviews",a]]}(false));self.__MIDDLEWARE_MANIFEST_CB&&self.__MIDDLEWARE_MANIFEST_CB()

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (949)
Category:	downloaded
Size (bytes):	1559773
Entropy (8bit):	5.21780030809332
Encrypted:	false
SSDEEP:
MD5:	B8F6588A6C12A45D1EBCA50D8946867F
SHA1:	307BE0069AD62C4A4D9FF259E0BD248AC388E7CE
SHA-256:	BEFC6E3B96F5E0B03333722A81D84F4C266C40A5BBF25B49E4DBF94EECEC29D2
SHA-512:	79D7D28259DA1AE13A7A9D3C27432AF6C93C9FD94A1F1CD02BBA41CE7C9C4F3C5B537644021EFDE8BE77E558B33824FC55420A9ECF2B96AAD03FA72A9AB862CF
Malicious:	false
Reputation:	unknown
URL:	https://account.venmo.com/_next/static/chunks/pages/signup-f17224eaac4caa06.js
Preview:	(self["webpackChunk_N_E"] = self["webpackChunk_N_E"] \|\| []).push([[7616],{../*/ 23983:.// (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {.."use strict";.// ESM COMPAT FLAG.__webpack_require__.r(__webpack_exports__);..// EXPORTS.__webpack_require__.d(__webpack_exports__, {. "default": function() { return / binding */ index_esm; }.});..;// CONCATENATED MODULE: ./node_modules/date-fns/esm/_lib/toInteger/index.js.function toInteger(dirtyNumber) {. if (dirtyNumber === null \|\| dirtyNumber === true \|\| dirtyNumber === false) {. return NaN;. }. var number = Number(dirtyNumber);. if (isNaN(number)) {. return number;. }. return number < 0 ? Math.ceil(number) : Math.floor(number);.}.// EXTERNAL MODULE: ./node_modules/@babel/runtime/helpers/esm/typeof.js.var esm_typeof = __webpack_require__(71002);.;// CONCATENATED MODULE: ./node_modules/date-fns/esm/_lib/requiredArgs/index.js.function requiredArgs(required, args) {. if (args.length < required) {.

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info