Play interactive tour

Edit tour

Windows Analysis Report https://pinnaclepetroleuminc.godaddysites.com/

Overview

General Information

Sample URL:	https://pinnaclepetroleuminc.godaddysites.com/
Analysis ID:	448978
Infos:
Most interesting Screenshot:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Detected potential crypto function

Queries the volume information (name, serial number etc) of a device

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 4232 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

wget.exe (PID: 5720 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

chrome.exe (PID: 720 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'C:\Users\user\Desktop\download\index.html' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6024 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown

HTTPS traffic detected: 72.167.191.83:443 -> 192.168.2.3:49714 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 466 ICMP L3retriever Ping 192.168.2.3: -> 23.10.249.73:

Source: unknown

DNS traffic detected: queries for: pinnaclepetroleuminc.godaddysites.com

Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/0
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.211956778.0000000000CF5000.00000004.00000040.sdmp, cmdline.out.3.dr	String found in binary or memory: http://certs.godaddy.com/repository/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certs.godaddy.com/repository/1301
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crl
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crl0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crlV
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crlM
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crlj
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.godaddy.com/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.godaddy.com/0
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.godaddy.com/05
Source: index.html.3.dr	String found in binary or memory: http://scripts.sil.org/OFL
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://accounts.google.com
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://apis.google.com
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: https://certs.godaddy.com/repository/
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.6.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.6.dr	String found in binary or memory: https://content.googleapis.com
Source: 83efb3ab-45cc-4f9a-b960-a2a9c2594ccb.tmp.7.dr, 0786e044-ff35-44fc-9ee5-40f554e01a64.tmp.7.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.6.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.6.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.6.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.6.dr	String found in binary or memory: https://hangouts.google.com/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: https://img1.wsimg.com
Source: index.html.3.dr	String found in binary or memory: https://img1.wsimg.com/isteam/ip/2c799769-c520-435d-aaec-05af746a3db0/image_2021-07-14_175004.png
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: https://isteam.wsimg.com
Source: wget.exe, 00000003.00000003.211516799.0000000002BA8000.00000004.00000001.sdmp	String found in binary or memory: https://kenyavalleyapt.buzz/info28962/proposal62271299
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.6.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: wget.exe, 00000003.00000002.211937943.0000000000B10000.00000004.00000020.sdmp, cmdline.out.3.dr, index.html.3.dr	String found in binary or memory: https://pinnaclepetroleuminc.godaddysites.com/
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: https://pinnaclepetroleuminc.godaddysites.com/M
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://play.google.com
Source: 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://r3---sn-1gieen7e.gvt1.com
Source: 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.6.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json72.6.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json72.6.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: index.html.3.dr	String found in binary or memory: https://www.fontsquirrel.com/license/league-spartan
Source: wget.exe, 00000003.00000002.212548294.0000000002B9F000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.212554022.0000000002BA7000.00000004.00000001.sdmp, index.html.3.dr	String found in binary or memory: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.6.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://www.google.com;
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.6.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757

Source: unknown

HTTPS traffic detected: 72.167.191.83:443 -> 192.168.2.3:49714 version: TLS 1.2

Source: C:\Windows\SysWOW64\wget.exe	Code function: 3_2_00D2EB80		3_2_00D2EB80
Source: C:\Windows\SysWOW64\wget.exe	Code function: 3_2_00D2A21A		3_2_00D2A21A

Source: classification engine

Classification label: mal48.win@36/175@4/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4952:120:WilError_01

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\f400f45c-e7e1-4864-8907-8ceadf68bd67.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'C:\Users\user\Desktop\download\index.html'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/'	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Code function: 3_2_00D2F903 push 00000078h; retf

3_2_00D2F905

Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: wget.exe	Binary or memory string: Hyper-V RAW
Source: wget.exe, 00000003.00000002.211971311.0000000000D18000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	Security Software Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	System Information Discovery12	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Remote System Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://pinnaclepetroleuminc.godaddysites.com/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://kenyavalleyapt.buzz/info28962/proposal62271299	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
googlehosted.l.googleusercontent.com	172.217.168.33	true	false	high
pinnaclepetroleuminc.godaddysites.com	72.167.191.83	true	false	high
img1.wsimg.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/download/index.html	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://img1.wsimg.com/isteam/ip/2c799769-c520-435d-aaec-05af746a3db0/image_2021-07-14_175004.png	index.html.3.dr	false		high
http://crl.godaddy.com/gdig2s1-2115.crlV	wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	false		high
https://dns.google	83efb3ab-45cc-4f9a-b960-a2a9c2594ccb.tmp.7.dr, 0786e044-ff35-44fc-9ee5-40f554e01a64.tmp.7.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://certificates.godaddy.com/repository/0	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
http://certs.godaddy.com/repository/1301	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
http://crl.godaddy.com/gdroot-g2.crlM	wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	false		high
https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica	wget.exe, 00000003.00000002.212548294.0000000002B9F000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.212554022.0000000002BA7000.00000004.00000001.sdmp, index.html.3.dr	false		high
https://kenyavalleyapt.buzz/info28962/proposal62271299	wget.exe, 00000003.00000003.211516799.0000000002BA8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.godaddy.com/gdig2s1-2115.crl0	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
https://img1.wsimg.com	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
http://crl.godaddy.com/gdroot-g2.crl0F	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
https://isteam.wsimg.com	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
http://crl.godaddy.com/gdroot-g2.crlj	wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	false		high
https://pinnaclepetroleuminc.godaddysites.com/	wget.exe, 00000003.00000002.211937943.0000000000B10000.00000004.00000020.sdmp, cmdline.out.3.dr, index.html.3.dr	false		high
http://certs.godaddy.com/repository/	wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.211956778.0000000000CF5000.00000004.00000040.sdmp, cmdline.out.3.dr	false		high
https://www.fontsquirrel.com/license/league-spartan	index.html.3.dr	false		high
https://clients2.googleusercontent.com	0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	false		high
http://crl.godaddy.com/gdig2s1-2115.crl	wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	false		high
http://crl.godaddy.com/gdroot-g2.crl	wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	false		high
http://scripts.sil.org/OFL	index.html.3.dr	false		high
http://certificates.godaddy.com/repository/gdig2.crt0	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
https://feedback.googleusercontent.com	manifest.json0.6.dr	false		high
http://certificates.godaddy.com/repository/gdig2.crt	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high
https://pinnaclepetroleuminc.godaddysites.com/M	wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	false		high
https://certs.godaddy.com/repository/	wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
72.167.191.83	pinnaclepetroleuminc.godaddysites.com	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.168.33	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	448978
Start date:	14.07.2021
Start time:	22:31:39
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://pinnaclepetroleuminc.godaddysites.com/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@36/175@4/5
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 1
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 168.61.161.212, 2.20.157.220, 13.64.90.137, 40.88.32.150, 23.10.249.99, 23.10.249.73, 172.217.168.45, 216.58.215.238, 172.217.168.35, 172.217.168.14, 74.125.173.168, 34.104.35.123, 95.100.54.203, 20.82.209.183, 172.217.168.42, 216.58.215.234, 172.217.168.10, 23.0.174.200, 23.0.174.185, 40.112.88.60, 20.50.102.62, 23.10.249.43, 23.10.249.26, 20.82.210.154 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, e40258.g.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, r3---sn-1gieen7e.gvt1.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, clients2.google.com, redirector.gvt1.com, audownload.windowsupdate.nsatc.net, update.googleapis.com, arc.trafficmanager.net, watson.telemetry.microsoft.com, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, global-wildcard.wsimg.com.sni-only.edgekey.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, r3.sn-1gieen7e.gvt1.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, www.googleapis.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, clients.l.google.com Execution Graph export aborted for target wget.exe, PID 5720 because there are no executed function Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found. VT rate limit hit for: https://pinnaclepetroleuminc.godaddysites.com/

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\Local\Google\Chrome\User Data\0cbc4fd3-e92e-4f54-9c67-19a2090b31ee.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	173763
Entropy (8bit):	6.080157791737749
Encrypted:	false
SSDEEP:	3072:Pe2i005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:2y0Rbh9IHNmMMaqfIlUOoSiuRI
MD5:	A57B794C4A53B3E1B129C18A207B64C5
SHA1:	4AC072D55EB51A0B5B737C6893370C05C943C905
SHA-256:	32ACA17D32781C9D9CDAEF2FBAA37F58A2C7B6129ACA7EC8C48A46ED466D7793
SHA-512:	BE11B45B3D9CCC7FA1BFAFBD15739C3F797F159EB8C959C5B1A45055983064A2B8F94A5CA1213258B4FA7C90BCFB06657D217A93D222E958F8A1DDA1225E7966
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626327158045686e+12,"network":1.62629476e+12,"ticks":4068264096.0,"uncertainty":4712751.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\151b273a-95b9-4bb3-929a-3ff50c9e195d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.751927106779627
Encrypted:	false
SSDEEP:	384:9oBmrcTvVWchiZlViY/6Nfr8vLR3crVoHxkGwPrK1PXxMp1Rkr+3meKQWB/v3IOj:mBmDSaFVWpgU4enTZVovPKFK/dLNJ
MD5:	AA16D0043ACA9369544B01A02ED8AAC3
SHA1:	5ABCDE2D34C75066CDA0205B406C828A45FFF78C
SHA-256:	9E0E30FA2F6E20ECFE95644CE15F4D391A67D138792AA42C56E807F2E9D33576
SHA-512:	243539FE99D2152BFB955141D107510DC08E2BB03343DD11D135FE1297A6A6A1E27903928F88D0F2E36B5E8CED60C4F450082A64D1F32866D45C8D5D023435D2
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....?8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\1644f104-b3fc-4a99-922e-6ef443270d6b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	165399
Entropy (8bit):	6.050335465516837
Encrypted:	false
SSDEEP:	3072:3i005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:h0Rbh9IHNmMMaqfIlUOoSiuRI
MD5:	5C34CC9514A70FA8BAC360692C7569F2
SHA1:	DA43307B6C43D15CA5BC0855F3BA81627B6F69EF
SHA-256:	2255EEFAAF5F48016BDBC8D3A7F3A4E086AF29AF2D2D28A01577BB2AF06932EB
SHA-512:	29884846B76FCE017C9A10FF7D1B479B456A4FD7CDF90B7750709316C5A80684DF4519AA055012DFBDB5A4E80DB0ED4C3DC03594C1037A5A54EEEA5B96F07AC2
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626327158045686e+12,"network":1.62629476e+12,"ticks":4068264096.0,"uncertainty":4712751.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016810194"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\29a7f201-52f4-47a7-9151-d0a07624b5ae.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	173763
Entropy (8bit):	6.08015923911749
Encrypted:	false
SSDEEP:	3072:Pe29005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:m10Rbh9IHNmMMaqfIlUOoSiuRI
MD5:	A8906CB7740D4095DBA0648905142E83
SHA1:	D81ED85F65D0D8E880D378C027BE8E9058AB7A12
SHA-256:	2FE232E2D72822BC345E2CE357A80BC1CA3D4CF954EE57766265D5A096DB8D80
SHA-512:	C9F7FF0095DA189E78DFF7ED80CE1A0CEEF036B05A4BFBDD5C8D53C6E4014F844AC7A54DB5440101335A76B7899D63CEAA0FC4016D9C0E14C19347F092FD14EF
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626327158045686e+12,"network":1.62629476e+12,"ticks":4068264096.0,"uncertainty":4712751.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\402ca87a-27a9-4a62-8f05-a338a2f3aa25.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	165399
Entropy (8bit):	6.050335465516837
Encrypted:	false
SSDEEP:	3072:3i005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:h0Rbh9IHNmMMaqfIlUOoSiuRI
MD5:	5C34CC9514A70FA8BAC360692C7569F2
SHA1:	DA43307B6C43D15CA5BC0855F3BA81627B6F69EF
SHA-256:	2255EEFAAF5F48016BDBC8D3A7F3A4E086AF29AF2D2D28A01577BB2AF06932EB
SHA-512:	29884846B76FCE017C9A10FF7D1B479B456A4FD7CDF90B7750709316C5A80684DF4519AA055012DFBDB5A4E80DB0ED4C3DC03594C1037A5A54EEEA5B96F07AC2
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626327158045686e+12,"network":1.62629476e+12,"ticks":4068264096.0,"uncertainty":4712751.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016810194"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\97fcb909-f843-4c64-a337-9a78a5a6613e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.751599543251354
Encrypted:	false
SSDEEP:	384:zoBmrcTvVWctZ+/6Nfr8vLR3crVoHxkGwPrK1PXxMp1Rkr+3meJWB/v3IOpZHNGp:EBmcaFVWp8U4enTZVovPKFK/dLNs
MD5:	801E3FC2390B9F60C053DC71D0B4A6D2
SHA1:	808C3CDD781A0D88BECD7BE3A3E8B37B70FC5994
SHA-256:	1C619DC723C83ED5D2BEEED714D65B3022A1438EC86ED89D71FB48272B0525B5
SHA-512:	83C8B930DB532A3F8EB0028319AA373EDFDDAB004783A59B99036BB78B9CF95BB87A9D5A9018E0FC8C0E8F10A279919B30CDE843992FDDD51321FBA9EEA7D082
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....?8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Reputation:	low
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0e3da781-2534-49cf-aa97-12d55abc2677.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1611abed-3e3b-4275-8567-0780cf639c79.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4842
Entropy (8bit):	4.952716906365969
Encrypted:	false
SSDEEP:	48:YcLUklSLklwHjecBqA8dqTlYqlQKHoTw0FH3CH3G/s8C1Nfct/9BhUJo3KhmeSnz:nLCtoXMpcKIFok0JCKL8VbOTQVuwn
MD5:	5643A9B3CB102CC3A766779F1F95D102
SHA1:	94CAB56AADF711A77F05A7E5F56A80756EB6FB9F
SHA-256:	EDEC6E04B824BD16D4CCBC32A2D2D04840B546961F0BFB35525CF97E8DE2B70E
SHA-512:	84460AC09D4C80F27A3057B2FFC264EF8CA2010DB6E7894E5352D9A15E8B75A00202C4A12DDC5E989DB7B2F651598AF735D25748A160669DDC546BF6E822CC10
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13270800755031630","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\316b0ec4-125d-4a3a-bf8c-098ccb0b9329.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1039
Entropy (8bit):	5.568491184256563
Encrypted:	false
SSDEEP:	24:YI6H0UhVsTG1KUerkq/HeUeXby2qUeXvVb7wUURUenHQ:YI6UUhVseKUewqPeUer2UefpwUYUenw
MD5:	A5BF5AFF95CC424118CC57C2ADEA7226
SHA1:	CF8623B432B6412F31D53F809CAC7A664186AF62
SHA-256:	C9F7C1D5F0F55DDA2DE85C25CB1A24724A67357CE4465178FB9C5FE932DD07D0
SHA-512:	B271C739AD3CDF2053C6ECF68677D89997264D565545F0113FED3CC953CBF2215A4BA2C009E51B31C63495A42452EB4CAEA78F4DBEF90F6B2F7EE14FB2EF6BFF
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.919383},{"expiry":1657863159.830438,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1626327159.830442},{"expiry":1633014077.462534,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3af28d95-9893-4375-8133-e589123dfe5c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16745
Entropy (8bit):	5.57805272700769
Encrypted:	false
SSDEEP:	384:vDLtALlOfX71kXqKf/pUZNCgVLH2HfDLrU408zl4C:6LlY71kXqKf/pUZNCgVLH2Hf3rU40ElJ
MD5:	41B9BD978443BCAA6FAB460FAE4E4B2B
SHA1:	F198E6A071A0B0BB95DF9DE52FBD08FDC0ABBCCC
SHA-256:	513ACAAFFD002A31FA6BF7AE60030F3EFE3D8B32D14E7E38767311FBFC0808F4
SHA-512:	02CDEE0DD5F1623EDC0F9B875BE88C2F8DD4D606D1DFA5B4D7B95861C844677F6A43AB55FFBE76DEC61E0FEFA41056FB948A2ADF0A40CF9A0A0D1AB11DB1D4F9
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13270800754783955","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4562018f-a862-4bef-9425-24ef61cae3b9.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5499
Entropy (8bit):	5.181263494290372
Encrypted:	false
SSDEEP:	96:nLCtyrMXaCWccKInok0JCKL8fbOTQVuwn:nLCKMxcs4Kg
MD5:	A3A1AE62D5AD93EBF898E9B5020BAC9E
SHA1:	16DF2FA9B885580F4A96E0410CF6BC3A29828046
SHA-256:	5FC16D8F617B003A1AD30A79DB2457368C9489D0A4E9ABA4AB963A84590CB2BC
SHA-512:	D8557BAC976B226329EDD2CF88797B094FD6CB3519F542AD62143C430BB29C2385C56C54537CEDEA8349AC81DF4A49C3C9633FF67A0C7375574D37204D9470EC
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13270800755031630","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5e317d77-67f5-413b-add0-513d376907fd.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5473
Entropy (8bit):	5.178000121877279
Encrypted:	false
SSDEEP:	96:nLCtPrMXaCWccKInok0JCKL8VbOTQVuwn:nLChMxcs4K6
MD5:	8B50349F5824AB0503854572A4DF29B5
SHA1:	D9A47C1625E0C7CB1BF86316EC24B19F7ECB0475
SHA-256:	E62CA5198D5824BE149048F5AF200E8FBF24502BCE11DBB557A9AB00C5F5D2FD
SHA-512:	8235FC73F264C00C037FD87BD81937D62D600C8B505EC9D594A5B151900085663A358351D5EEF7F53EAE56A082FC5E68B08885D23D0F652ED73B1BB584AD048B
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13270800755031630","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\992a1d58-1303-4672-b8f3-bf40ed48004b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2073
Entropy (8bit):	4.8950426054163065
Encrypted:	false
SSDEEP:	48:Y2TntwCXGDHz5shRLs4ZTscAShswJtyKsw3zsgMHuOYhbD:JTnOCXGDHz2XZ6CP5FGUhH
MD5:	8E631E00C9252980BB7FEE91A4429770
SHA1:	0081ABA40C438BAC394B696D7F8F5C5E4775A52A
SHA-256:	6FB3C6C4182F25A710081468121180ED79EE98DDEE6F72A7384F8DE5C2AC087F
SHA-512:	0A14FFA81AF1DF36FE3AD337D51FB68F5B6FED71769F8D48129C80EA516D3F868BA974DAFC616AE42974FAC52B96083336056CC69E22C5912A5A072231626102
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13273392759830389","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13273392759877068","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","suppo

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.184814857606651
Encrypted:	false
SSDEEP:	6:mk+YDUM+q2PWXp+N23iKKdK9RXXTZIFUtpz+YDjZmwPz+YDwMVkwOWXp+N23iKKU:NYM+va5Kk7XT2FUtp9n/P9MMV5f5Kk73
MD5:	AEB64F2FEF0DE50183B75A9338401A6F
SHA1:	DE0FDA565737A11EDDFF468E7EF507DC0FF603C4
SHA-256:	409A3227D37D8C51B20D03C2F7357E68B15E150D45FFF58A31CB6CD2C986C7C8
SHA-512:	9234DB3C71EF78E843FA7405B614BFF729EA3502A98D4CF66216E50711A86645597B24E783417D91A86BAE621943E889CD84F7F3A1B2A7A2C7F52F0B259D17DE
Malicious:	false
Reputation:	low
Preview:	2021/07/14-22:33:00.317 11fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/07/14-22:33:00.319 11fc Recovering log #3.2021/07/14-22:33:00.322 11fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.200973573763091
Encrypted:	false
SSDEEP:	6:mk+YDX8M+q2PWXp+N23iKKdKyDZIFUtpz+YDX/mZmwPz+YDXaRpMVkwOWXp+N23m:NL8M+va5Kk02FUtp9L/m/P9LSpMV5f5A
MD5:	8F4FB58A79C94C8AE144B94529F7127F
SHA1:	2CCC4EB6563174EC875D165C40F4ED51670719D2
SHA-256:	555C94F6AE317A45FD0AF8610367C8393B8B9842BA385080D62A444D8AAF71F2
SHA-512:	CAC2078B9A10530A4F663902B98066BB096AF05FC99C87CC6C635334AE984B8DF59B1B2040A19135E1FB5D0BDC8FA61622E6DFD483F54BB115CFE70A55557E9C
Malicious:	false
Reputation:	low
Preview:	2021/07/14-22:33:00.270 11fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/07/14-22:33:00.288 11fc Recovering log #3.2021/07/14-22:33:00.289 11fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6863571317626186
Encrypted:	false
SSDEEP:	12:TLyen4ufFdbXGwcFOaOndOtJRbGMNmt2SH/+eVpUHFxOUwae6:TLyqJLbXaFpEO5bNmISHn06Uwd
MD5:	1C0EAEEE6463CAE33B7A7CD9D9DF4DA5
SHA1:	FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65
SHA-256:	ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
SHA-512:	355D19828609971998B09B36E7C7D304B7FB88C7A726670BEBF5CF2E2710F8E71B0F9DEF6FE9712B484C1EB122AEEEFDECF31D13E02C4539C399DFB86EC7619F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.968280110875314
Encrypted:	false
SSDEEP:	24:X4FcLgAZOZD/pqLbJLbXaFpEO5bNmISHn06Uwat8:oF8NOZpq5LLOpEO5J/Kn7U5t8
MD5:	82DBBC381CFB80C3E1356E0449815535
SHA1:	ADD71FEB9E99ECDA6E46C9D75FE201EF3E2A49DE
SHA-256:	54450B6C16C2D94DA4DA00322F5CCA4C323EF6D54F8F9DDE14C24D678E03A803
SHA-512:	7277AB9247CD36E9B8D452CAE6D9FF6E9A4A93F0CC04B9435C0A1817856448C75D6D5AC39F9CFDC19FD1FF6D5DC926F91A99823174951CBC7528C972CBD37AEF
Malicious:	false
Reputation:	low
Preview:	............P..F........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	3.388890081545902
Encrypted:	false
SSDEEP:	12:3olydJhHnKKtiPlpxlpN8kIyTJWBBKjmy/rlaKtf3/JzEKBBKjmVXV:34SJKuIlrlAKWDWmy5BHDWmVXV
MD5:	8EBA40245A71FD632CC33593B7F9282B
SHA1:	058F282D57F79BB338B26FFEBC9299D8C9774446
SHA-256:	E41606C5FC51C834C7855B3E6E5E60DAE552BC7F81286DF2CDBCED52B2A8BE85
SHA-512:	D3572DC5B4B87AFE8116DCE94B7BA49C483DBFC220275CE6687F07067DF520E07F54F11494BC9DC3D5D46AC1746F337B3A35DB2A1EAD6D0F151032F1C22398B4
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...59825c8c_b0ee_4005_94a5_218e01ce41ba........................M.................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}................\|...........2...file:///C:/Users/user/Desktop/download/index.html......................................................h.......`.......................................................z.m."...{.m."...........(...............................l...2...f.i.l.e.:./././.C.:./.U.s.e.r.s./.h.a.r.d.z./.D.e.s.k.t.o.p./.d.o.w.n.l.o.a.d./.i.n.d.e.x...h.t.m.l.....................................8.......0.......8....................................................................... .......................................................2...file:///C:/Users/user/Desktop/download/index.html...........%/.............................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.208207240776643
Encrypted:	false
SSDEEP:	6:mk+/eVq2PWXp+N23iKKdK8aPrqIFUtpz+/0QYgZmwPz+/aVSIkwOWXp+N23iKKdr:QeVva5KkL3FUtpggg/PgeSI5f5KkQJ
MD5:	70C3B50785B6DC2411CF85999BB9E7BE
SHA1:	1F1C32282926E48740F8F076BAECA36E78CF1AF5
SHA-256:	8611846297A02924639A49B4E772F5B36927C48D88B1D2FAAF785CF1DF2AA64D
SHA-512:	1F921CD4079376BDE18689A279E6796687E648B749F409943FE0D49450C8B6554D414B593C0AF62599F064B109CE02A39F6E6050CA4F29DF8986163129541B96
Malicious:	false
Reputation:	low
Preview:	2021/07/14-22:32:35.046 12e0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/07/14-22:32:35.048 12e0 Recovering log #3.2021/07/14-22:32:35.049 12e0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.23805831874356
Encrypted:	false
SSDEEP:	6:mk+s+q2PWXp+N23iKKdK8NIFUtpz+f/FXZZmwPz+fYVkwOWXp+N23iKKdK8+eLJ:H+va5KkpFUtpK/FXZ/PKYV5f5KkqJ
MD5:	95ADDBBDBD65FCE236C4BB495EAE6C7D
SHA1:	01917E118E7C0D84C572567B87D8D8C92438E752
SHA-256:	8D6F53B302C0E5095481F177B1AEF60050FF31321313B3B5D64D636C1F68C548
SHA-512:	1A54568A6ECE12FE68B5664B2EBC433DA02D6BE0D0E5B44DF18B6067A049D3BB9E9571D35FF794C07F63942A105F3658731DCD2271A69E7663C9558F92CFBEF7
Malicious:	false
Reputation:	low
Preview:	2021/07/14-22:32:37.399 16dc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/07/14-22:32:37.400 16dc Recovering log #3.2021/07/14-22:32:37.401 16dc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://pinnaclepetroleuminc.godaddysites.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files