Windows Analysis Report
http://estm.fa.em2.oraclecloud.com

Overview

General Information

Sample URL: http://estm.fa.em2.oraclecloud.com
Analysis ID: 1308742

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\chrome_BITS_5716_476727415
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.171Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /oam/server/obrareq.cgi?encquery%3DKgv3GDyS6cMn%2FJYpZVjaFgRUbr1VCLVLOTxxN5mcsAYd55EZctvXyTDCok93yn3SHYFOZpVTCbA4gvt0uIQ%2FL191PabhjqtpOFvatf54x3hKuALgKxZyKu%2Bfn%2Bka72AXAMcNwGLWAsWjaTS55N9OKHforb3gdmWmg3%2F%2FVDVK7twbigaecmA16X5NCajiVrEVEfdyIAwIjsLjJAJ2obXRJkdNrTEmCh8Ev0nhRvrVi1kOXSbDsC64pvaflp35RfzoMWLiL9TNp85QRjE1ilv3ilkSpP%2BaBE%2Ba0KxT0diAF1f3dgke4NruHrqZUc8gfy9u2Re%2B1%2F9CT9hVX2m7VprEumg9sknLTewnv25q3b9xkyc%3D%20agentid%3DOraFusionApp_11AG%20ver%3D1%20crmethod%3D2%26cksum%3D2930a399bc255f0be90bf081f712f87d6f5498fc&ECID-Context=1.0061M1MituABt15LvQw0yX0002V30009us%3BkXjE HTTP/1.1Host: estm.login.em2.oraclecloud.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: OAMAuthnHintCookie=0@1694761190
Source: global traffic HTTP traffic detected: GET /oam/server/obrareq.cgi?encquery%3D7TEjy9gVZGuHQ708VPEBUTl5NmmIGrYi4qE5h0STZrULmI%2BhOg3XRHvcFjvdXmAgCdrVXNCaMbkHqf54VdfV0%2FYLWsG6rxNiRrlRaI28OySodUtS6KFMemnGtcWTdNLO%2BM7pJKnhVtKWSH6yg3BLazT%2BFpxCR6ZvZzito8%2Fvbdft3fSQ3zouvwTlrCUSKrFs%2BZVzHP0WBEkzGYVRkIaocC5MW0b7FArtTgGs1Gyik5D70FvjeG%2BjBgrglQr1zzokxXr5ftPCJ9w2%2BS%2FSBu5pvQ9%2BzjENt4V99aOxjkEDaIS66gix79ibkJshoT%2Fpx%2Bv991SU7atNI%2F53q3MnIwJ6pL49CU7OuHC0Ej6uqXT3tHcTxAT7fL5P9%2BW8lXFhWmr10lLGhVenynXWUPIoSw7PkT7OljPw%2BFbFlm%2B%2F%2Ba3A9ycn7OkvD7TyHVkBqxukcpy4lWIuWrTjmmZU6ajGfz3dgYRN6vpZ3%2Bu80n7I23Ln41RUGkaswG891cvMrDCiZ8VSNiNCoFvZhNXzF77O3QbfkAWcw36fMeyniP2LuXvQJJ%2FScV7dSbdbjUOcQKWjPNn4f2K1mgYhk6ndvrxEW%2BRKKPh4PgAH0IxCcK49v%2B1sLxEktpSwMd3BgvWSfI5rYP7iv6DSEPtSUq1sWZOumUXzoaFk83VXti3m9f6Hh46%2FdP7hru1TIcWcTGAXxwQe8WDJCBSGtfIrZ0Hx8Anf2zAOSLYU5QtDM6mOVY77cINarOo%2BB6BK0zsY%2F9ByvLoxFxds6BbpXlzcnYmo4bTkbH4wYLgegEbv%2FG7z3Is3YvnVrLyqfx3STQor5D1GyKvxOQzLn243rkP5XVIvGFb%2FzXKQQK248FF9PgIiNMpb28x%2F1K4YFTFLFYvCzBN69LDkPKTH1axv7D8o2wYWB9VYyd1dmRXq9Y8NxqCrKMV8lz55sKVe5koCjDLIrvzB0htundmP%2FxwuaHY1BWGoPg7S1%2FvUNWOZk3BDeWAD%2BcWJXsSHqlw9vKiU6Z9H4Kbj0PkguTViiai3mJznrmTjEM%2Bk1%2FuMC3ev9huztHMC%2FnieCj4TULAma%2BfvFMkM9M6KPoVFo2ZE89jaMwkjQNIo9yLLVuYGoNk7ALC%2FcrGo975bzCmkuV4hTLGxYkRlM1mYr%2B5QyY6OPeuzFZrEbCSibby6Gmn9uY%2FnNe%2B4AZ0MJOFBNhUfhUnZA6S2W%2F4%2BUaGiw2lOK8A8oYKd7P8JzJwTBWZzhPyKcipKowgL6m%2BgtuwVZmyBYykjaNJs%2FcuoZlQ65E3c43MYz8PHySDuj0%2BDr8Fpm7iUTAo%2BUyItXIINwv82fKkAh%2Fwi3b7m0i3oxt6xSJA5M%2Fa7AhvCg5Zs%2FwGT5Y141GnHliTr%2BAwzpnPsno1mT5gcIzxRKaryQyPN4rIggwcuCd%2FeSoODtq0S1ej4OWPMzcuFLWerWM%2BBnOecqZvVd6uPifXq1jEql419EWszrm8YXVRbyvMyyg7oCFimJkpAnKOvuIIPjhLHZYfN7FbUWjjIFtGzZpiZi5pSTMJTAd8leb5Cc81y%2FGn8xmG4Mzqkq70BX2mqu6%2Bu7mPxCnhKMVxPjW87apg34sLeRqI%2BcryQa1gF4nDems2k%2Ba6usdDSuyAea9PcR7x2lOXYRWF1TWr6OaJILkdPj59FcsEv%2BxQPFfat%20agentid%3DOraFusionApp_11AG%20ver%3D1%20crmethod%3D2%26cksum%3D7ddff52ff72c01c2d41da0508e295c9ee36317b9&ECID-Context=1.0061M1MyRunBl35Lv
Qw0yX0006Yr0002XA%3BkXjE HTTP/1.1Host: estm.login.em2.oraclecloud.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://estm.fa.em2.oraclecloud.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: OAMAuthnHintCookie=0@1694761190; OAM_ID=VERSION_5~bb0lhr7IX0VBkf4E1//+Zw==~EP2OAHpSKmPxBy/M56faI9sY0x2XFZ4CHo0BjgP1SnV3SJAeEUGdFWzCPRwNi0fewwnEPvyer7Ew45TTxa6FcR1qOwBHz8SW4gDJ06KSyWHBG+KbBOaXMuNJf4Qe2nXNmQinN/6AhAsYKyE0Dp9QmjgUYXDU5vOUcsIYpN9DCoVkNoNeu7+IsOsFKNy0E21qRJKlhqjWWHVeMYYvQ+DQfdh2+XG83aXE8Ru6aEuJTBAUAZXR
Source: global traffic HTTP traffic detected: GET /snow/unified.html HTTP/1.1Host: partneragencies-logon.undp.orgConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://undpaccess.b2clogin.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://undpaccess.b2clogin.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /snow/css/common.css HTTP/1.1Host: partneragencies-logon.undp.orgConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://undpaccess.b2clogin.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /snow/unified.html HTTP/1.1Host: partneragencies-logon.undp.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /snow/assets/images/undp-logo.png HTTP/1.1Host: partneragencies-logon-t1.dev.undp.orgConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://undpaccess.b2clogin.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /snow/assets/images/SSO-background.jpg HTTP/1.1Host: partneragencies-logon-t1.dev.undp.orgConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://partneragencies-logon.undp.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /snow/assets/images/undp-logo.png HTTP/1.1Host: partneragencies-logon-t1.dev.undp.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /snow/assets/images/SSO-background.jpg HTTP/1.1Host: partneragencies-logon-t1.dev.undp.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: chromecache_103.1.dr String found in binary or memory: http://getbootstrap.com)
Source: chromecache_104.1.dr, chromecache_100.1.dr String found in binary or memory: https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.5/css/bootstrap.min.css
Source: chromecache_103.1.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/fonts/segoeui.WOFF);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/fonts/segoeui_bold.WOFF);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/amazon.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/apple.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/facebook.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/github.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/google.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/linkedin.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/local.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/microsoft.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/qq.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/twitter.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/wechat.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/colored/weibo.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/amazon.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/apple.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/facebook.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/github.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/google.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/linkedin.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/local.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/microsoft.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/qq.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/twitter.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/wechat.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/idp_logos/white/weibo.svg);
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/images/SSO-background.jpg
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/images/Single-signon-page-background.jpg
Source: chromecache_101.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/images/left-arrow.svg);
Source: chromecache_100.1.dr String found in binary or memory: https://partneragencies-logon-t1.dev.undp.org/snow/assets/images/undp-logo.png
Source: chromecache_104.1.dr, chromecache_100.1.dr String found in binary or memory: https://partneragencies-logon.undp.org/snow/assets/images/undp-logo-blue.png
Source: chromecache_104.1.dr, chromecache_100.1.dr String found in binary or memory: https://partneragencies-logon.undp.org/snow/assets/images/undp-logo.png
Source: chromecache_104.1.dr, chromecache_100.1.dr String found in binary or memory: https://partneragencies-logon.undp.org/snow/css/common.css
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB
Source: classification engine Classification label: clean0.win@20/9@26/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\chrome_BITS_5716_476727415
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1932,i,13765204371715178727,16123182670947399837,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://estm.fa.em2.oraclecloud.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected