Windows Analysis Report
https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFz

Overview

General Information

Sample URL:https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAw
Analysis ID:1432298

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)

Classification

  • System is w10x64
  • chrome.exe (PID: 5580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1984,i,4643450290400954545,2623845929518352052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cmd.exe (PID: 4336 cmdline: cmd /c "C:\Users\user\Desktop\" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: classification engine | Classification label: clean1.win@22/39@0/21
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\9a25b646-7ba5-4e95-ba13-3c430acbcc9e.tmp
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6372:120:WilError_03
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1984,i,4643450290400954545,2623845929518352052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0"
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\Desktop\"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1984,i,4643450290400954545,2623845929518352052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
ATT&CK matrix (number of matched signatures in parentheses; techniques without a count are the matrix's unmatched placeholders):

  • Reconnaissance: Gather Victim Identity Information; Credentials
  • Resource Development: Acquire Infrastructure; Domains
  • Initial Access: Valid Accounts; Default Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job
  • Persistence: Path Interception; Boot or Logon Initialization Scripts
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts
  • Defense Evasion: Masquerading (1); Process Injection (1)
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: System Information Discovery (1); Application Window Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: Data from Local System; Data from Removable Media
  • Command and Control: Data Obfuscation; Junk Data
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Impact: Abuse Accessibility Features; Network Denial of Service
Behavior Graph (ID: 1432298; URL: https://remotescripps.org/?...; Startdate: 26/04/2024; Architecture: WINDOWS; Score: 1). Processes started: chrome.exe, cmd.exe, chrome.exe; child processes: chrome.exe (from chrome.exe), conhost.exe (from cmd.exe). Network contacts: 192.168.2.4 (unknown), 239.255.255.250 (Reserved), 77.88.21.119 (YANDEXRU, Russian Federation), 87.250.250.119 (YANDEXRU, Russian Federation), 17 other IPs or domains.

Source | Detection | Scanner | Label
https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0 | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label
https://mc.yandex. | 0% | URL Reputation | safe
https://ymetrica1.com/watch/3/1 | 0% | URL Reputation | safe
https://mc.yandex.md/cc | 0% | URL Reputation | safe
http://104.154.23.126/data-ingest | 0% | Avira URL Cloud | safe
https://red.zautils.online/downloadproxy/intpgdirect/ | 0% | Avira URL Cloud | safe
https://dtools.zautils.online/geturl/PrivacyGuard/intpgdirect | 0% | Avira URL Cloud | safe
https://impr.zautils.online/impression?c=intpgdirect | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
https://cintlp.zautils.online/?subid=90818143905&cid=8899&tag=dm&dkw=remotescripps.org&rhi=0bc29bef-b9ff-47fa-9c64-762e9458389c | false | - | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://yandex.com/an/sync_cookie | chromecache_73.2.dr | false | - | high
http://104.154.23.126/data-ingest | chromecache_75.2.dr | false | Avira URL Cloud: safe | unknown
https://impr.zautils.online/impression?c=intpgdirect | chromecache_61.2.dr | false | Avira URL Cloud: safe | unknown
https://red.zautils.online/downloadproxy/intpgdirect/ | chromecache_61.2.dr | false | Avira URL Cloud: safe | unknown
https://mc.yandex. | chromecache_73.2.dr | false | URL Reputation: safe | unknown
https://s3.mds.yandex.net/internal-metrika-betas | chromecache_73.2.dr | false | - | high
https://yastatic.net/s3/gdpr/v3/gdpr | chromecache_73.2.dr | false | - | high
https://yastatic.net/s3/metrika | chromecache_73.2.dr | false | - | high
https://ymetrica1.com/watch/3/1 | chromecache_73.2.dr | false | URL Reputation: safe | unknown
https://dtools.zautils.online/geturl/PrivacyGuard/intpgdirect | chromecache_61.2.dr | false | Avira URL Cloud: safe | unknown
https://mc.yandex.md/cc | chromecache_73.2.dr | false | URL Reputation: safe | unknown
https://yastatic.net/s3/taxi-front/yango-gdpr-popup/ | chromecache_73.2.dr | false | - | high
IP | Domain | Country | ASN | ASN Name | Malicious
162.254.207.52 | unknown | United States | 29066 | VELIANET-ASvelianetInternetdiensteGmbHDE | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
35.186.241.51 | unknown | United States | 15169 | GOOGLEUS | false
192.178.50.46 | unknown | United States | 15169 | GOOGLEUS | false
172.217.2.195 | unknown | United States | 15169 | GOOGLEUS | false
87.250.250.119 | unknown | Russian Federation | 13238 | YANDEXRU | false
142.250.64.138 | unknown | United States | 15169 | GOOGLEUS | false
142.250.64.195 | unknown | United States | 15169 | GOOGLEUS | false
130.211.5.208 | unknown | United States | 15169 | GOOGLEUS | false
172.67.136.85 | unknown | United States | 13335 | CLOUDFLARENETUS | false
107.178.240.159 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
206.189.225.178 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
93.158.134.119 | unknown | Russian Federation | 13238 | YANDEXRU | false
142.251.35.228 | unknown | United States | 15169 | GOOGLEUS | false
3.220.57.224 | unknown | United States | 14618 | AMAZON-AESUS | false
142.251.162.84 | unknown | United States | 15169 | GOOGLEUS | false
77.88.21.119 | unknown | Russian Federation | 13238 | YANDEXRU | false
172.217.3.67 | unknown | United States | 15169 | GOOGLEUS | false
13.35.116.53 | unknown | United States | 16509 | AMAZON-02US | false

Private IP
192.168.2.4
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1432298
Start date and time:2024-04-26 20:14:38 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 35s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@22/39@0/21
EGA Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Browse: https://dtools.zautils.online/geturl/PrivacyGuard/intpgdirect
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtSetInformationFile calls found.
• Skipping network analysis since the amount of network traffic is too extensive
              No simulations
              No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Zip archive data, at least v4.5 to extract, compression method=store
Category:dropped
Size (bytes):16384
Entropy (8bit):7.959308349191802
Encrypted:false
SSDEEP:384:/POeOMFtmkKIsoVRp0iEEMRafyR1hEJUpuaUakDEQjZ3Q:Rmkjp0Sf21jpcZIz
MD5:8DF5B7A363F7F482FE7555D2FDEE9692
SHA1:9E598D6F209E3FFD3B44B51E4340FF9BB3C6C3DB
SHA-256:AD4A23E001E6A4AE07D410550ED8E1DCD03ED9DA4F24FAD4DB7A6DE284332D96
SHA-512:CD7CDFEFA164C8602DA2FA1B3B7649B2B4A91AFD0F6F26D4D620B0287EB9D1B2A41B50F07E4335BEC25A16EF2660AAF2877A21398ED82FC00583AF4A85EF77A3
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Zip archive data, at least v4.5 to extract, compression method=store
Category:dropped
Size (bytes):123911804
Entropy (8bit):7.998578445043817
Encrypted:true
SSDEEP:3145728:4/zRxgbCEPR9vySUPFmaPa/MXrnjjf2+wtpeEx/IIHZ:y3g+I76SGFT8kjS+wtTT5
MD5:042CC51594DB860354C47A4E8CDCA37D
SHA1:6104CAE9FA3DA2802CF1A7F3898A3292E49A497A
SHA-256:0A0B6D419AA7520FF29AC5CEC8D1A4A89096319774CF481127A92048566EEB91
SHA-512:D82D21DAB097C8FA0630B448C84A90C7E5646BE6E449E7B7797BA6C3E256323A50086119C07F88CEC966C02EC4D3A526933892294839E127431FD17A758F8E74
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Zip archive data, at least v4.5 to extract, compression method=store
Category:dropped
Size (bytes):123911804
Entropy (8bit):7.998578445043817
Encrypted:true
SSDEEP:3145728:4/zRxgbCEPR9vySUPFmaPa/MXrnjjf2+wtpeEx/IIHZ:y3g+I76SGFT8kjS+wtTT5
MD5:042CC51594DB860354C47A4E8CDCA37D
SHA1:6104CAE9FA3DA2802CF1A7F3898A3292E49A497A
SHA-256:0A0B6D419AA7520FF29AC5CEC8D1A4A89096319774CF481127A92048566EEB91
SHA-512:D82D21DAB097C8FA0630B448C84A90C7E5646BE6E449E7B7797BA6C3E256323A50086119C07F88CEC966C02EC4D3A526933892294839E127431FD17A758F8E74
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ISO Media, MP4 v2 [ISO 14496-14]
Category:downloaded
Size (bytes):196348
Entropy (8bit):7.892997416628647
Encrypted:false
SSDEEP:3072:jwbsZPztX4T30FqOQVrzQdTK65bkI+Ks3kCAuMAiJWXcGOJzlrcBVrqgWcogJnHO:VY0FqQdkIFs04MgtOJzd0VWcoOnwH7k0
MD5:3AAEE7F420524EFF68682C381B1F511E
SHA1:36BE9AB3C2456366A22465E613364586C9A802A0
SHA-256:92CE26FC5B606509C9D96ED8005B2225B1A8C846AD35151EF0EE935A27FBDBFA
SHA-512:1FDA4F916328785608D1AAEC0E9E4EF201C7DA64C8CA06AD854DBE5E63C8E70330A68AC3D66A487731E6FC9B4F0D8496B125E66FC25AF87042B7154DCAA57A4C
Malicious:false
Reputation:low
URL:https://cintlp.zautils.online/private-search/first/img/download-video.mp4:2f759a2d251c74:0

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
SSDEEP:3:V:V
MD5:444BCB3A3FCF8389296C49467F27E1D6
SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
Malicious:false
Reputation:low
Preview:ok

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Category:downloaded
Size (bytes):46704
Entropy (8bit):7.994860687757006
Encrypted:true
SSDEEP:768:f3Ybit5PQRS0FhgC1g10ijolF5rm2GsRnENYMSGAxgvZdH3VayjX2p2iKEmcLf:fIbi7eHBmt0F5rm2GsRENqGAx0Zdlt2r
MD5:30A274CD01B6EEB0B082C918B0697F1E
SHA1:393311BDE26B99A4AD935FA55BAD1DCE7994388B
SHA-256:88DF0B5A7BC397DBC13A26BB8B3742CC62CD1C9B0DDED57DA7832416D6F52F42
SHA-512:C02C5894DFB5FBF47DB7E9EDA5E0843C02E667B32E6C6844262DD5DED92DD95CC72830A336450781167BD21FBFAD35D8E74943C2817BAAC1E4CA34EAAD317777
Malicious:false
Reputation:low
URL:https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (607)
Category:downloaded
Size (bytes):54851
Entropy (8bit):5.351885775358845
Encrypted:false
SSDEEP:768:sEctKbJNwoioYX5x9ncZsCpWdlLhh7kXrjlyfqhCsGAoOrk2n:sEctKlNwoioYX5LM3+H124qhCsDnj
MD5:45A6749860B806A0ED77ED08DFA90B99
SHA1:C533D7544452DBD40907306BAFAC435541D4E2BF
SHA-256:7C690A6EBB2EEF51E8CCC66161B02197C22F388F1FC23C89E0F5C7B70E1EAC50
SHA-512:9265A6290728192FEE12DD0F448FC490F8B2EA95AE61453256FCF4FD1828F47018B884A199EFF8F94597F7055181BD805DAF4F8EAECCDF0D5747CD3D4F5514D4
Malicious:false
Reputation:low
URL:https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2013)
Category:downloaded
Size (bytes):12180
Entropy (8bit):5.004872914259011
Encrypted:false
SSDEEP:192:FYeT19Gtyg01FJnDGU4GdCE2WFSTt691/4dbPD+1nRGqkFzHb3qJmQlEAwA:eeTM6jiE26STAjMbMGdb3qxwA
MD5:6DAD94BBF5D939576A7BB9CF2A584C56
SHA1:81EFE9E78E21F7980A8C6183658B727C73178A3B
SHA-256:8C358DDFA7EEFE1BF89B35BD7FCEEAEDB329A194D980224B335404C6B4E37C1E
SHA-512:4346DFDD0DC60862E18E80F27F494CD7555C0DAC8A4C2B651B963E566A8FEF5AA473873FF541DA7EB7870C4353A52C3CFBE10497E46AE781E774C8C55065221F
Malicious:false
Reputation:low
URL:https://cintlp.zautils.online/?subid=90818143905&cid=8899&tag=dm&dkw=remotescripps.org&rhi=0bc29bef-b9ff-47fa-9c64-762e9458389c
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):3459
              Entropy (8bit):7.804337112889666
              Encrypted:false
              SSDEEP:96:tRshc5xmBDNrQaKVk5wg3xoHmhrIsjb7LQN:tGu5IBDB39h4mhhna
              MD5:65A5E6CFCA5E73A002CFFC719873A149
              SHA1:E911BC089EA96E29C193456D5F5FF061819D0AAB
              SHA-256:C482472C562D96C5798FC44FAE1074DAF1C1650736F4CAC3B0D5C5B869AB9D15
              SHA-512:FB8B417C3FF2723D4C8E693341F9FE58218AF72040954C5AEB0A847EFD5F4160601BAC264B5642243A6C3320662AE6CE867DDDB0B13AFF9E62E82B9BAC61A265
              Malicious:false
              Reputation:low
              URL:https://cintlp.zautils.online/favicon.png
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ISO Media, MP4 v2 [ISO 14496-14]
              Category:downloaded
              Size (bytes):402433
              Entropy (8bit):7.94928229805124
              Encrypted:false
              SSDEEP:6144:0ghZRGpfzlfmMM4mT9zzQE4gKcA/lm4UdbquHRnRaLfvXeN3Bs:Pc5V6txtKkdbqURRQnXeN3W
              MD5:DE1721491B68CDEDA81D5962D76FEB0C
              SHA1:6E18521195B7D03D2FC32CC6D2C09B1FDFF210AA
              SHA-256:8D7EE21B859CAB3E743BAD155EBEAF1971DCABEDAF5A780E258C447D7F000A8F
              SHA-512:3352C6D6D0BEEDFFCB8515253490F89A975F1AFC45E2CC700A2FA60541F07717CC19CF371E182DF726A45EFC6926B276ED4BEFDFF2838393F2EE4D12EBCDC491
              Malicious:false
              Reputation:low
              URL:https://cintlp.zautils.online/private-search/third/video/download-video.mp4:2f759a2d24fa4a:0
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:GIF image data, version 89a, 1 x 1
              Category:dropped
              Size (bytes):43
              Entropy (8bit):2.7374910194847146
              Encrypted:false
              SSDEEP:3:CU9yltxlHh/:m/
              MD5:DF3E567D6F16D040326C7A0EA29A4F41
              SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
              SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
              SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
              Malicious:false
              Reputation:low
              Preview:GIF89a.............!.......,...........D..;
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):6862
              Entropy (8bit):4.845909639918819
              Encrypted:false
              SSDEEP:192:ynVb26kS3qnFt91zbEWqIIM4kX0aVOu2PQHFyGGUhL+qIC+5fETD9yfNmf5:ZjFtbDp4M+0FUO
              MD5:7B997B2E607A5F9AAE1CFEC963E5C14E
              SHA1:CA24A2A58FBD21CDA177F9AA5191CEC3A6000D1C
              SHA-256:7BBEB300C0D5F67D015F26EAB0F4E9CEBA57F41F79298D7473D82A30D358DAC4
              SHA-512:B4C23708E8BB2FD5BD999A42702724348E117B8B56C0B181BF8994B30844CFC08AED186A826452ED744F7C958243BE1E4695F28459AD6515A42096D5A2CA1B86
              Malicious:false
              Reputation:low
              URL:https://cintlp.zautils.online/private-search/second/styles/style.css?v6
              Preview:@import "reboot.css";..html {. scroll-behavior: smooth;. overflow-x: hidden;.}..* {. padding: 0;. margin: 0;. box-sizing: border-box;.}..body {. font-family: 'Inter', sans-serif;. font-size: 16px;. font-weight: 400;. line-height: 1.4;. color: #222;. background: #F6F6F7;. min-height: 100vh;.}...popup {. width: 100%;. height: 100%;. position: fixed;. inset: auto;. background: url("/private-search/second/img/page.png") no-repeat top / cover;. display: flex;. align-items: center;. justify-content: center;. padding: 20px;. max-height: 100%;.}...popup:before {. content: '';. width: 100%;. height: 100%;. background: rgba(0, 0, 0, 0.5);. inset: auto;. position: absolute;. z-index: -1;.}...popup__wrapper {. background: #fff;. border-radius: 12px;. width: 960px;. max-height: 100%;. overflow-y: auto;.}...popup__content {. display: none;. padding: 32px 20px;. flex: 1 1 auto;. flex-dire
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):2
              Entropy (8bit):1.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:E0AA021E21DDDBD6D8CECEC71E9CF564
              SHA1:9CE3BD4224C8C1780DB56B4125ECF3F24BF748B7
              SHA-256:565339BC4D33D72817B583024112EB7F5CDF3E5EEF0252D6EC1B9C9A94E12BB3
              SHA-512:900110C951560EFF857B440E89CC29F529416E0E3B3D7F0AD51651BFDBD8025B91768C5ED7DB5352D1A5523354CE06CED2C42047E33A3E958A1BBA5F742DB874
              Malicious:false
              Reputation:low
              Preview:OK
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):3459
              Entropy (8bit):7.804337112889666
              Encrypted:false
              SSDEEP:96:tRshc5xmBDNrQaKVk5wg3xoHmhrIsjb7LQN:tGu5IBDB39h4mhhna
              MD5:65A5E6CFCA5E73A002CFFC719873A149
              SHA1:E911BC089EA96E29C193456D5F5FF061819D0AAB
              SHA-256:C482472C562D96C5798FC44FAE1074DAF1C1650736F4CAC3B0D5C5B869AB9D15
              SHA-512:FB8B417C3FF2723D4C8E693341F9FE58218AF72040954C5AEB0A847EFD5F4160601BAC264B5642243A6C3320662AE6CE867DDDB0B13AFF9E62E82B9BAC61A265
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:GIF image data, version 89a, 1 x 1
              Category:downloaded
              Size (bytes):43
              Entropy (8bit):2.7374910194847146
              Encrypted:false
              SSDEEP:3:CU9yltxlHh/:m/
              MD5:DF3E567D6F16D040326C7A0EA29A4F41
              SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
              SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
              SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
              Malicious:false
              Reputation:low
              URL:https://mc.yandex.com/sync_cookie_image_decide?token=10351.yXLNMr16pRbYYn-zirOWfqhkc0cAm_WKYSIXVAwHHSizixMSeBrTeasIG6U_dh_tsKY-WcuOvgS67tKKtRBs8MiHoWCx6S_e6scxr1AxER48ezTPtXLYgxZyWmTdKhGnSNqNW_09nncXU-_-V4E5UybXab6P-5q5ogHcJJuqpC9dAo5h10JAZNPojY6ma6UV3xMhFCQUa1plXhoksj9fmnIWjCCsXz-pCs7dIlmUiZA%2C.2g1wCzXg0u3aHw3-sQwpqu6q-ow%2C
              Preview:GIF89a.............!.......,...........D..;
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):2
              Entropy (8bit):1.0
              Encrypted:false
              SSDEEP:3:V:V
              MD5:E0AA021E21DDDBD6D8CECEC71E9CF564
              SHA1:9CE3BD4224C8C1780DB56B4125ECF3F24BF748B7
              SHA-256:565339BC4D33D72817B583024112EB7F5CDF3E5EEF0252D6EC1B9C9A94E12BB3
              SHA-512:900110C951560EFF857B440E89CC29F529416E0E3B3D7F0AD51651BFDBD8025B91768C5ED7DB5352D1A5523354CE06CED2C42047E33A3E958A1BBA5F742DB874
              Malicious:false
              Reputation:low
              URL:https://impr.zautils.online/impression?c=intpgdirect
              Preview:OK
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:GIF image data, version 89a, 1 x 1
              Category:dropped
              Size (bytes):43
              Entropy (8bit):2.7374910194847146
              Encrypted:false
              SSDEEP:3:CU9yltxlHh/:m/
              MD5:DF3E567D6F16D040326C7A0EA29A4F41
              SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
              SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
              SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
              Malicious:false
              Reputation:low
              Preview:GIF89a.............!.......,...........D..;
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):5060
              Entropy (8bit):4.843774813790366
              Encrypted:false
              SSDEEP:96:eWOiLYgDIVPefifB3fSYgkViU7eTrkSwyYelr9H0yGlIFBLL:eWOuYgbfuJSOVB7IRwyYir9HjGlI/L
              MD5:B5EAB7AC77B571385845042F9B48594F
              SHA1:EEF93163E4188F9EB3E0B88011DB13DD480B18E4
              SHA-256:1E354FB4D88E323D4E8FAC552E3A97A532485B3811CC139D1AF76FDD6B4D321A
              SHA-512:A41C09F1A1C24AAFFD9C31C165CAB6AD3F1B7FEB40CDF448195F5C51E8F502D2C8E6E89F1E55D773C4AE4FE6A7A1F38E6D8AFF0D06B14740CAF0A6507940B627
              Malicious:false
              Reputation:low
              URL:https://cintlp.zautils.online/private-search/second/styles/reboot.css
              Preview:*,.::after,.::before {. box-sizing: border-box;. margin: 0;. padding: 0;.}.@media (prefers-reduced-motion: no-preference) {. :root {. scroll-behavior: smooth;. }.}.body {. font-family: system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", "Liberation Sans",. sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";. font-size: 1rem;. font-weight: 400;. line-height: 1.5;. color: #212529;. background-color: #fff;. -webkit-text-size-adjust: 100%;. -webkit-tap-highlight-color: transparent;.}.hr {. margin: 1rem 0;. color: inherit;. background-color: currentColor;. border: 0;. opacity: 0.25;.}.hr:not([size]) {. height: 1px;.}.h1,.h2,.h3,.h4,.h5,.h6 {. font-weight: 500;. line-height: 1.2;.}.h1 {. font-size: calc(1.375rem + 1.5vw);.}.h2 {. font-size: calc(1.325rem + 0.9vw);.}.h3 {. font-size: calc(1.3rem + 0.6vw);.}.h4 {. font-size: calc(1.275rem +
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:GIF image data, version 89a, 1 x 1
              Category:downloaded
              Size (bytes):43
              Entropy (8bit):2.7374910194847146
              Encrypted:false
              SSDEEP:3:CU9yltxlHh/:m/
              MD5:DF3E567D6F16D040326C7A0EA29A4F41
              SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
              SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
              SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
              Malicious:false
              Reputation:low
              URL:https://mc.yandex.com/metrika/advert.gif
              Preview:GIF89a.............!.......,...........D..;
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (547)
              Category:downloaded
              Size (bytes):210527
              Entropy (8bit):5.513433052895903
              Encrypted:false
              SSDEEP:3072:sz6W3wmWR9ds3W47lTTC0VCBkv3p7tToISy4bIY:0ji9GjTOQCBOVtTotbIY
              MD5:34B80871634D0CAB0CE096201F1562E6
              SHA1:1AAA8870E27B161121A2025A750DF7473BA153CD
              SHA-256:06733AE2076F97B3446F974C4E4C6EA88BE551D12543FD3D7FECCBBF83ED3575
              SHA-512:DAD7F82BCA321816C253C6AE051F74FBCA2DC9D1F012086DDEC673C1E107A47EFF4E3A73478ECDE20A2E60BF9885F533BEA64282E7910CB56C398AEB638A16A7
              Malicious:false
              Reputation:low
              URL:https://mc.yandex.ru/metrika/tag.js
              Preview:.(function(){try{(function(){function We(a,c,b,d){var e=this;return A(window,"c.i",function(){function f(F){(F=Xe(l,m,"",F)(l,m))&&(V(F.then)?F.then(g):g(F));return F}function g(F){F&&(V(F)?p.push(F):ma(F)&&x(function(N){var L=N[0];N=N[1];V(N)&&("u"===L?p.push(N):h(N,L))},La(F)))}function h(F,N,L){e[N]=Nl(l,m,L||q,N,F)}var k,l=window;(!l||isNaN(a)&&!a)&&Wd();var m=Ol(a,Xd,c,b,d),p=[],q=[fh,Xe,gh];q.unshift(Pl);var r=C(U,Xa),t=M(m);m.id||Sa(Oa("Invalid Metrika id: "+m.id,!0));var y=$c.C("counters",{});if(y[t])return Eb(l,.t,"dc",(k={},k.key=t,k)),y[t];Ql(l,t,hh(a,c,b,d));y[t]=e;$c.D("counters",y);$c.Ga("counter",e);x(function(F){F(l,m)},Ye);x(f,Yd);f(Rl);h(Sl(l,m,p),"destruct",[fh,gh]);Pb(l,D([l,r,f,1,"a.i"],ih));x(f,W)})()}function Tl(a,c){delete I(a).C("cok",{})[c]}function Ql(a,c,b){a=I(a);var d=a.C("cok",{});d[c]=b;a.D("cok",d)}function Ul(a,c){var b=""+c,d={id:1,aa:"0"},e=Vl(b);e?d.id=e:-1===hb(b,":")?(b=Da(b),d.id=b):(b=b.split(":"),e=b[1],d.id=Da(b[0]),d.aa=Zd(e)?"1":"0");retur
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):2442
              Entropy (8bit):5.433750282812215
              Encrypted:false
              SSDEEP:48:ejO4alhhujO4alhUFZjjO4alh9jO4alhL3rjO4alhgNjO4alheRVc+uXjO4alhmN:aO4alhhqO4alhUFZHO4alhNO4alhL3vw
              MD5:F93FFE3E7659336BDBABD70A7D00A995
              SHA1:24E4ACC6239D78C313521A4B3795E6B18E4DAF72
              SHA-256:6B8A445DBDDFB9B7C56FFD4F34B6CA628A0D2C85B6A8F4DA1EDA376694377C3C
              SHA-512:377BAEB23702D4EE906116BE7271D46C7A82963A1643B3A86D194242FBABDED0720FE939EC66AE68302BD910C6627F025FDB8D134A78DE41288B8A8DAF5EFA25
              Malicious:false
              Reputation:low
              URL:https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
              Preview:/* cyrillic-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. f
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):6162
              Entropy (8bit):4.857630211395038
              Encrypted:false
              SSDEEP:192:BAn+RSWVje84nn3Rmbn9H16AIlTGqnSLCPfDiEN:zRVj94nnYbn9VXIcyLik
              MD5:1F49E3A9C13B729B59E3C645E8EF603F
              SHA1:197D79EB78ED88FDAFBEE9896C23361829DC9E2F
              SHA-256:0DCB23E1EEE1EF86D6ED12FE95182A3A2FD6035C778A9C46E6EE8E81FD86C838
              SHA-512:5F1D8C8BEA0AF9F9A855C64BCD0CCB3DAF6663F9D3F0CC51B8507C66BEDB81F89A776EB7515D9A35F42D3014B2CFEDF13FEDD911C87A39566D9C383DC8503FBC
              Malicious:false
              Reputation:low
              URL:https://cintlp.zautils.online/private-search/js/main.js?v19
              Preview:function getCookie(name).{. let namePart = name + '=',. decodedCookie = decodeURIComponent(document.cookie),. cookies = decodedCookie.split(';');.. for(let index = 0; index < cookies.length; index++) {. let cookie = cookies[index];.. while (cookie.charAt(0) === ' ') {. cookie = cookie.substring(1);. }.. if (cookie.indexOf(namePart) === 0) {. return cookie.substring(namePart.length, cookie.length);. }. }.. return null;.}..function setCookie(name, value, expireDays = 0).{. let expires = '';.. if (expireDays) {. let date = new Date();. date.setTime(date.getTime() + (expireDays * 24 * 60 * 60 * 1000));.. expires = 'expires=' + date.toUTCString();. }.. document.cookie = name + '=' + value + ';path=/;' + expires;.}..function getParameterByName(name, defaultValue = null).{. let parameter = getQueryParameterByName(name);.. if (parameter) {. return parameter;. }..
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):12577
              Entropy (8bit):5.666181186909877
              Encrypted:false
              SSDEEP:96:KSK/ptm6PoCwQdmV2qqw69/IhneAY3clKCLlvLVXr6y1kbOi3GyGI2xkZ8um5ZHC:KSIfnm4fqqw6FsbvLF6y1kK+j2G8pR90
              MD5:249E0547586A4D640C9E456D65BB7D15
              SHA1:96A1EE9AE0B757C3B6DBE2409E40C361C9977D26
              SHA-256:65460F10B9F2022AD931FE2B97A99D5845ADF2D69FFB691A999FD9B7173BE323
              SHA-512:7D4AC91F2C3716E99AC6BC98A7B451F2478C5A42A1289A6B1282ADFD8C8C3EB8193A60BD232D4100D265A0C8283362F9D866A2AE8748F4694C12BF86444D3C33
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):12577
              Entropy (8bit):5.666181186909877
              Encrypted:false
              SSDEEP:96:KSK/ptm6PoCwQdmV2qqw69/IhneAY3clKCLlvLVXr6y1kbOi3GyGI2xkZ8um5ZHC:KSIfnm4fqqw6FsbvLF6y1kK+j2G8pR90
              MD5:249E0547586A4D640C9E456D65BB7D15
              SHA1:96A1EE9AE0B757C3B6DBE2409E40C361C9977D26
              SHA-256:65460F10B9F2022AD931FE2B97A99D5845ADF2D69FFB691A999FD9B7173BE323
              SHA-512:7D4AC91F2C3716E99AC6BC98A7B451F2478C5A42A1289A6B1282ADFD8C8C3EB8193A60BD232D4100D265A0C8283362F9D866A2AE8748F4694C12BF86444D3C33
              Malicious:false
              Reputation:low
              URL:https://cintlp.zautils.online/private-search/second/img/page.png
              No static file info
              Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.
              Target ID:0
              Start time:20:15:26
              Start date:26/04/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:2
              Start time:20:15:33
              Start date:26/04/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1984,i,4643450290400954545,2623845929518352052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:20:15:36
              Start date:26/04/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0"
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:8
              Start time:20:16:48
              Start date:26/04/2024
              Path:C:\Windows\SysWOW64\cmd.exe
              Wow64 process (32bit):true
              Commandline:cmd /c "C:\Users\user\Desktop\"
              Imagebase:0x240000
              File size:236'544 bytes
              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:9
              Start time:20:16:48
              Start date:26/04/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff7699e0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly