Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

http://104.155.207.188/win.pac

Status: finished
Submission Time: 2022-05-11 09:28:36 +02:00
Malicious

Comments

Tags

Details

  • Analysis ID:
    624161
  • API (Web) ID:
    991665
  • Analysis Started:
    2022-05-11 09:28:36 +02:00
  • Analysis Finished:
    2022-05-11 09:34:34 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 56
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 9/92
malicious

IPs

IP Country Detection
142.250.185.206
 United States
104.155.207.188
 United States
142.250.185.193
 United States
Click to see the 2 hidden entries
239.255.255.250
 Reserved
142.250.186.77
 United States

Domains

Name IP Detection
accounts.google.com
 142.250.186.77
clients.l.google.com
 142.250.185.206
googlehosted.l.googleusercontent.com
 142.250.185.193
Click to see the 2 hidden entries
clients2.googleusercontent.com
 0.0.0.0
clients2.google.com
 0.0.0.0

URLs

Name Detection
https://accounts.google.com/MergeSession
https://clients2.google.com/service/update2/crx
https://clients2.google.com
Click to see the 29 hidden entries
https://www-googleapis-staging.sandbox.google.com
https://feedback.googleusercontent.com
https://www.google.com/
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
https://apis.google.com
https://github.com/angular/material
https://clients2.googleusercontent.com
http://angularjs.org
https://support.google.com/chromecast/answer/2998456
https://accounts.google.com
https://www.google.com/images/dot2.gif
https://www.google.com
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx
https://www.google.com/tools/feedback
https://www.google.com/images/x2.gif
https://sandbox.google.com/payments/v4/js/integrator.js
https://hangouts.google.com/
http://104.155.207.188/win.pac
https://crash.corp.google.com/samples?reportid=&q=
https://www.google.com;
https://payments.google.com/payments/v4/js/integrator.js
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
https://www.google.com/images/cleardot.gif
https://support.google.com/chromecast/troubleshooter/2995236
https://ogs.google.com
https://www.google.com/intl/en-US/chrome/blank.html
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
https://dns.google

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\c1e0b3d4-c691-48dc-8bab-d22cac04bb2f.tmp
 Google Chrome extension, version 3
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\es_419\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\es\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\en_GB\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\en\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\el\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\de\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\da\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\cs\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\ca\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\bg\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\d9b93b4b-f3cd-4b09-9d1d-1dbda98e63dc.tmp
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\c28e1f74-d536-4061-b3ea-3384a118a928.tmp
 Google Chrome extension, version 3
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\et\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_935649365\ssl_error_assistant.pb
 data
 #
C:\Users\user\AppData\Local\Temp\6168_935649365\manifest.json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\6168_935649365\manifest.fingerprint
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_935649365\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_692878306\manifest.json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\6168_692878306\manifest.fingerprint
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_692878306\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_1076056982\manifest.json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\6168_1076056982\manifest.fingerprint
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_1076056982\download_file_types.pb
 data
 #
C:\Users\user\AppData\Local\Temp\6168_1076056982\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\lv\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\th\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\sv\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\sr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\sl\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\sk\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\ru\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\ro\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\pt_PT\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\pt_BR\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\pl\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\nl\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\nb\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_1023687559\manifest.json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\lt\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\ko\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\ja\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\it\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\id\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\hu\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\hr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\hi\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\fr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\fil\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir6168_1960185979\CRX_INSTALL\_locales\fi\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0398f951-8cb1-4069-826a-8c56b4dad919.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
 PGP\011Secret Key -
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT (copy)
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\91da4d9a-cdcd-442f-9c34-23b892562292.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6ae60d7c-ddaa-4873-9059-bf7d1631d8ad.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\447ffb02-17f1-4df2-8bd4-0717d0f01fcb.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2445734a-a1bd-4cda-ab1a-1038713a1c6f.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\21e151be-d2d8-49e4-ab61-fa7d47a0d347.tmp
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\04b0af2d-2668-4002-97ff-271744050b2c.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\979c7365-4db5-480d-bb89-8a295d7440d2.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\46211e82-a1ca-4130-8a32-aa8507401785.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\2d204f1c-649b-491e-b073-91c6628bb440.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\2853f2bc-5b8f-40c1-96d1-56c40a8be678.tmp
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\155d2823-a6ca-43cd-a868-7a88b59e7872.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\1508c819-be8b-48ef-ab40-82eb845271e4.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\1307013b-ae24-46ac-a1c9-a239a26d10a5.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\097c7525-dd04-4ae8-8395-719c9897d76e.tmp
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\6168_1023687559\manifest.fingerprint
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_1023687559\crl-set
 data
 #
C:\Users\user\AppData\Local\Temp\6168_1023687559\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\6168_1023687559\LICENSE
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\2fa3c091-0620-4365-9436-d44f2f3acfb8.tmp
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\df7fed9f-1eba-452e-8bdd-4c04725a42f1.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\ae1e6acb-dd68-429b-8d3a-f7860c7786f6.tmp
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f9391904-55b7-4091-ac09-61dfe64b0693.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b13c9e4a-4b78-4a0a-a4ab-648fb55e4674.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.old (copy)
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\6e7b1f98-b22a-44f8-808f-4c5bb9271312.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\80cfe5db-1550-4897-a8d1-57c904cabb7c.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
 ASCII text, with very long lines, with no line terminators
 #