Edit tour

Windows Analysis Report
http://demo.zeeroq.com

Overview

General Information

Sample URL:	http://demo.zeeroq.com
Analysis ID:	1335010

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://demo.zeeroq.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1924,i,9849161422016407863,2465867292801969129,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://ww1.zeeroq.com/search/tsc.php?200=NTA1Mjg1ODE2&21=MTU0LjE2LjQ5Ljgy&681=MTY5ODc3MjIyMjExYWFmYWM4NWMxNTI4ZWRlNTg5NWJkZmM0MjNhZDVj&crc=3d4a631e3f89c5763a6fb529690d4057593e89b3&cv=1

Avira URL Cloud: Label: malware

Source: https://www.google.com/afs/ads/i/iframe.html	HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.google.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D9618345430%26channel%3Dexp-0051%252Cauxa-control-1%252C516795%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww1.zeeroq.com%252Fcaf%252F%253Fses%253DY3JlPTE2OTg3NzIyMjImdGNpZD13dzEuemVlcm9xLmNvbTY1NDEzNGZlNjMxMWM1Ljg1NzE1ODAyJnRhc2s9c2VhcmNoJmRvbWFpbj16ZWVyb3EuY29tJmFfaWQ9MyZzZXNzaW9uPWNuWmxjQzJwZUhXMGpkQU5kT20z%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2486365152940696%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300003%26format%3Dr3%257Cs%26nocache%3D7711698772222351%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww1.zeeroq.com%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1698772222365%26u_w%3D1280%26u_h%3D1024%26biw%3D1263%26bih%3D907%26psw%3D1263%26psh%3D944%26frm%3D0%26cl%3D575837768%26uio%3D--%26cont%3Drb-default%26jsid%3Dcaf%26nfp%3D1%26jsv%3D575837768%26rurl%3Dhttp%253A%252F%252Fww1.zeeroq.com%252F&hl=en&q=EgSaEDFSGIDqhKoGIjAyWl5sVNP9bvskOUADUIbfgTMB3...	HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.google.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D9618345430%26channel%3Dexp-0051%252Cauxa-control-1%252C516795%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww1.zeeroq.com%252Fcaf%252F%253Fses%253DY3JlPTE2OTg3NzIyMjImdGNpZD13dzEuemVlcm9xLmNvbTY1NDEzNGZlNjMxMWM1Ljg1NzE1ODAyJnRhc2s9c2VhcmNoJmRvbWFpbj16ZWVyb3EuY29tJmFfaWQ9MyZzZXNzaW9uPWNuWmxjQzJwZUhXMGpkQU5kT20z%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2486365152940696%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300003%26format%3Dr3%257Cs%26nocache%3D7711698772222351%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww1.zeeroq.com%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1698772222365%26u_w%3D1280%26u_h%3D1024%26biw%3D1263%26bih%3D907%26psw%3D1263%26psh%3D944%26frm%3D0%26cl%3D575837768%26uio%3D--%26cont%3Drb-default%26jsid%3Dcaf%26nfp%3D1%26jsv%3D575837768%26rurl%3Dhttp%253A%252F%252Fww1.zeeroq.com%252F&hl=en&q=EgSaEDFSGIDqhKoGIjAyWl5sVNP9bvskOUADUIbfgTMB3...	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&s=_i0krqJwv8O5O-LHi4zr2abmAos5DsM_1rQasjTs_omaIByx8k4wdTiesi8X7S5Xy_R0c3YjiNGnhq520TYEzxzAr5pZI_HQyXRDyJyKVRJ8TH1SMlhtEdB1iflHzpeVizJkzlG_wKr8-lCM6oB9W29giLoN3jV3RDupY0JVG5GOlBC4XOY0QzzOTrxp7W09caJUsaxKo6atvZVIkdNX2Lp5tu9jHtVsTge1Jw_CGaZ9P1VEPVDl9yg0JKjgfdcmAo-OlrzKtdBWXK3vtbCDt9g92sIXIzI&cb=zbbmfv2jtuo8	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49759 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49763 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 25MB

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49759 version: TLS 1.0

Source: unknown

DNS traffic detected: queries for: demo.zeeroq.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: demo.zeeroq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ww1.zeeroq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /templates/bg/arrows.png HTTP/1.1Host: img.sedoparking.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://ww1.zeeroq.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /templates/bg/arrows.png HTTP/1.1Host: img.sedoparking.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /search/tsc.php?200=NTA1Mjg1ODE2&21=MTU0LjE2LjQ5Ljgy&681=MTY5ODc3MjIyMjExYWFmYWM4NWMxNTI4ZWRlNTg5NWJkZmM0MjNhZDVj&crc=3d4a631e3f89c5763a6fb529690d4057593e89b3&cv=1 HTTP/1.1Host: ww1.zeeroq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://ww1.zeeroq.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /search/tsc.php?200=NTA1Mjg1ODE2&21=MTU0LjE2LjQ5Ljgy&681=MTY5ODc3MjIyMjExYWFmYWM4NWMxNTI4ZWRlNTg5NWJkZmM0MjNhZDVj&crc=3d4a631e3f89c5763a6fb529690d4057593e89b3&cv=1 HTTP/1.1Host: ww1.zeeroq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /templates/logos/sedo_logo.png HTTP/1.1Host: img.sedoparking.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://ww1.zeeroq.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /templates/logos/sedo_logo.png HTTP/1.1Host: img.sedoparking.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49763 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6968_1180904706

Source: classification engine

Classification label: mal48.win@15/45@26/231

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://demo.zeeroq.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1924,i,9849161422016407863,2465867292801969129,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1924,i,9849161422016407863,2465867292801969129,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://demo.zeeroq.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://ww1.zeeroq.com/search/tsc.php?200=NTA1Mjg1ODE2&21=MTU0LjE2LjQ5Ljgy&681=MTY5ODc3MjIyMjExYWFmYWM4NWMxNTI4ZWRlNTg5NWJkZmM0MjNhZDVj&crc=3d4a631e3f89c5763a6fb529690d4057593e89b3&cv=1	100%	Avira URL Cloud	malware
http://demo.zeeroq.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.251.163.84	true	false	high
www3.l.google.com	172.253.122.101	true	false	high
vip1.g5.cachefly.net	205.234.175.175	true	false	high
www.google.com	142.251.16.147	true	false	high
clients.l.google.com	142.251.16.101	true	false	high
sedoparking.com	64.190.63.136	true	false	high
demo.zeeroq.com	64.91.240.248	true	false	unknown
clients1.google.com	unknown	unknown	false	high
img.sedoparking.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
ww1.zeeroq.com	unknown	unknown	false	unknown
www.adsensecustomsearchads.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
about:blank	false		low
http://ww1.zeeroq.com/	false		unknown
http://img.sedoparking.com/templates/logos/sedo_logo.png	false		high
https://www.google.com/afs/ads/i/iframe.html	false		high
https://www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	false		high
http://demo.zeeroq.com/	false	Avira URL Cloud: safe	unknown
http://img.sedoparking.com/templates/bg/arrows.png	false		high
http://ww1.zeeroq.com/	false		unknown
http://ww1.zeeroq.com/search/tsc.php?200=NTA1Mjg1ODE2&21=MTU0LjE2LjQ5Ljgy&681=MTY5ODc3MjIyMjExYWFmYWM4NWMxNTI4ZWRlNTg5NWJkZmM0MjNhZDVj&crc=3d4a631e3f89c5763a6fb529690d4057593e89b3&cv=1	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.111.99	unknown	United States	15169	GOOGLEUS	false
142.251.163.106	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.253.122.138	unknown	United States	15169	GOOGLEUS	false
64.190.63.136	sedoparking.com	United States	11696	NBS11696US	false
142.251.16.147	www.google.com	United States	15169	GOOGLEUS	false
172.253.63.95	unknown	United States	15169	GOOGLEUS	false
172.253.62.94	unknown	United States	15169	GOOGLEUS	false
172.253.63.94	unknown	United States	15169	GOOGLEUS	false
142.251.16.101	clients.l.google.com	United States	15169	GOOGLEUS	false
142.251.163.155	unknown	United States	15169	GOOGLEUS	false
205.234.175.175	vip1.g5.cachefly.net	United States	30081	CACHENETWORKSUS	false
172.253.122.101	www3.l.google.com	United States	15169	GOOGLEUS	false
172.253.122.94	unknown	United States	15169	GOOGLEUS	false
142.251.167.95	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.91.240.248	demo.zeeroq.com	United States	32244	LIQUIDWEBUS	false
142.250.31.94	unknown	United States	15169	GOOGLEUS	false
172.253.115.94	unknown	United States	15169	GOOGLEUS	false
142.251.163.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1335010
Start date and time:	2023-10-31 18:09:48 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://demo.zeeroq.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@15/45@26/231

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe
Excluded IPs from analysis (whitelisted): 172.253.115.94, 34.104.35.123, 142.251.163.155, 142.251.163.154, 142.250.31.94, 142.251.167.95, 142.250.31.95, 172.253.122.95, 172.253.63.95, 172.253.62.95, 142.251.163.95, 172.253.115.95, 142.251.16.95, 142.251.111.95, 172.253.122.94, 172.253.63.94
Excluded domains from analysis (whitelisted): partner46.googleadservices.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, partner.googleadservices.com, clientservices.googleapis.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://demo.zeeroq.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 31 16:10:22 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9850293361719684
Encrypted:	false
SSDEEP:
MD5:	1B8CB6BFD9151A8F16306FA624442A39
SHA1:	8121A3A53563B50B6278A08723CE62EA658777A9
SHA-256:	DAC8030A85DFB5626E150DCC5E509976004AF0821AACEBB35AA0448B590BE4EE
SHA-512:	D9C47BBDB9E97909B03D30C60626CA77BA1C5C62A0DB433CD57A2AD67D5F64519980AC8511F15C68FCFDF8637B5DA6D943B1A7CCF1C7C83EAE886A76676F7352
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....2.."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_WB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_WJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_WJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_WJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_WL............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 31 16:10:22 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.00353497216554
Encrypted:	false
SSDEEP:
MD5:	5F00DFD17187BAC41DC7D3B1885CE60E
SHA1:	3140033B88686248BFCB8AC3042168BF9C08C727
SHA-256:	21B0B63502C0FA5EC1D5577AE7518442F616C1BF65334E60DBE31B7C8CEA8839
SHA-512:	D0A2782EBEFE78543E05BD5617DAD743F828BC6DDAA50D9F694B6FC48EB3D6CD5F71B98929E468211018C0F45EE299405F8C4FA429876B286BBFA0F4FB7C3886
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....#q."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_WB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_WJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_WJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_WJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_WL............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.009998064515182
Encrypted:	false
SSDEEP:
MD5:	7AAE4808977DD71AA9949F9CC45D7E70
SHA1:	B83D19BC5091171A58555EBF6A0F18EFE7115766
SHA-256:	3E94AB8E8FA58B50E61ED93F8E49EA1270540CA4974D74BE074398DFFCFBD5F2
SHA-512:	78C8205D4A306C9EC51FA3DA5D0B28A6DEBDAF77154F2EEAC409FEC6637B51BB1317898AF02F7337D319D4556AB30BB0DC93D91BACAD0DCB2332A5A4624ED9DE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_WB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_WJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_WJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_WJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 31 16:10:22 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001413978293645
Encrypted:	false
SSDEEP:
MD5:	44E11DA875B7F7A69BC1464C676B35B3
SHA1:	F7E426FCC36D643B2D64F4CC1DD880D745227F17
SHA-256:	CE173C82CA22CAE855E258AB5EB011F65D86DCB0D7708C8DAC3C860B5E208CC5
SHA-512:	45127D906748A0EABDF39588B05314D127E9F2AC856AE8B9ED6CA4B5B707D1E32FB841DCD58168F712F28CD8EBA662C845485F01A5B251A771457810214C8B90
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....}.."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_WB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_WJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_WJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_WJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_WL............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 31 16:10:22 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.989505083325706
Encrypted:	false
SSDEEP:
MD5:	282752C65DE96FAE92DE0B2A7F8FBC4D
SHA1:	D97E68183125F1C30C4C5F4791206D3FB04E02B0
SHA-256:	9682994FD6B46AEFD59FE30DB800DC8FAE31B74D02B438991084A2CAEEF86064
SHA-512:	9912590DA95368F8E168AEE3877FB3A937E94C2E225387B650260884E7DC012FED6BE67E916A4B6561C27427D6D8B24A213CAADF0DF4504123C1628FB1BA69FC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....B.."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_WB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_WJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_WJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_WJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_WL............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 31 16:10:22 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9993129352828203
Encrypted:	false
SSDEEP:
MD5:	DC4AAA35EB074E265BCA0C1BA391ACB3
SHA1:	6554E6440256E2BA8F37B75A9E66F16B43A7764D
SHA-256:	CCE9216C2B6E26DC36D83966842451771A40677D9E2AB8AF1FC8C96ABA467333
SHA-512:	A53FC2FE3616ADEE811D4F3F57D20E29C5E8DE524A214E293024C2A16985186867D7E905DB645F252F42F80E7C194A3DEE8F03CEDAFECC1365AB303AB2856872
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....)Z."....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_WB.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_WJ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_WJ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_WJ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_WL............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	32
Entropy (8bit):	4.476409765557392
Encrypted:	false
SSDEEP:
MD5:	A3144EE887752BC84252FAACD4DFFD83
SHA1:	172430F70BAEDA54BB9F533293E0E80A2DA5835D
SHA-256:	8B87CFF79D0F8142D02D4A5991C83A5D59A7733BCB0EBEDD0DE57E559C6EAEFB
SHA-512:	E366210709098991B8B21140DF48E50CD650E115A30A8A5EEC016B98B077C6DA3FEE972BA219409AD72E85BF575A033E1E9AAC7931B727E4BA15644AAC5349D3
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAm7tLNlSJJg7RIFDVNaR8USEAk8dqZYMe7mkRIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgAKCQoHDVNaR8UaAA==

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1222), with no line terminators
Category:	downloaded
Size (bytes):	1222
Entropy (8bit):	5.828100110675676
Encrypted:	false
SSDEEP:
MD5:	68F5778BB66C4AC06605978930A34035
SHA1:	E18F1DD27F5CC9EEAFACF1ED38DE1E48E3F2C3E6
SHA-256:	8A6490634195538ADB0EA44280695523340F9C83EFF06AA606B5EEDF18AE7A41
SHA-512:	2B0B7E0799B27366EA50AB1F039A3F63DB90EC43A01A86B85394048B0A770C36F13D885369215DA339E3C33F30283185931849EAFD57A3020B0C394409B9E47D
Malicious:	false
Reputation:	low
URL:	https://www.google.com/recaptcha/api.js
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='Az520Inasey3TAyqLyojQa8MnmCALSEU29yQFW8dePZ7xQTvSt73pHazLFTK5f7SyLUJSo2uKLesEtEa9aUYcgMAAACPeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-jmuBB3ajBz67HkD9EOwlByuyyxCYut7RyJGCbt+l

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	AFB69DF47958EB78B4E941270772BD6A
SHA1:	D9FE9A625E906FF25C1F165E7872B1D9C731E78E
SHA-256:	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
SHA-512:	FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAk8dqZYMe7mkRIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgA=

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (374), with no line terminators
Category:	downloaded
Size (bytes):	374
Entropy (8bit):	5.472945022139404
Encrypted:	false
SSDEEP:
MD5:	D395FBD035E79FDA1297BB4649B58BC4
SHA1:	B0F18020AAE8A1EB7A0E94BE374DA334637075FE
SHA-256:	01A06FEDF321FDC108A4A7B19A24A39178893C2330481CFA9A57DF3545F1D96B
SHA-512:	081256CDE5DDD3ED0F7CF600297670B9BA894042E39809484DA4F2FAE47AD9BBF9F81040A760BD122B0BF3CA03338EBFC04CF877FE5E22726DBC7400657DC670
Malicious:	false
Reputation:	low
URL:	https://partner.googleadservices.com/gampad/cookie.js?domain=ww1.zeeroq.com&client=dp-sedo80_3ph&product=SAS&callback=__sasCookie
Preview:	__sasCookie({"_cookies_":[{"_value_":"ID=e305dc23bbf9c07b:T=1698772223:RT=1698772223:S=ALNI_MbywvJVBxybNstW7Ph82zFpVvfShA","_expires_":1732468223,"_path_":"/","_domain_":"zeeroq.com","_version_":1},{"_value_":"UID=00000d9e02748ac1:T=1698772223:RT=1698772223:S=ALNI_MaczhZW7VTjdGArf7pZv6Yzh8Of3w","_expires_":1732468223,"_path_":"/","_domain_":"zeeroq.com","_version_":2}]});

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	4.89825889227644
Encrypted:	false
SSDEEP:
MD5:	26C4F76E985234506205B82E3E6E520F
SHA1:	987D32A005FD1A1BE9CC3A4F85796705BEADB340
SHA-256:	BD7E05751A03C3C81BF4F38808D12AF294F672494F6B9D7641AAF0DFBB5FB012
SHA-512:	6A409B3D8A5F55BDCCAE405D6F4FADF946723171B49DB3C93243D0E7723EBE490A02455B255AF3DC3F99BCD5735DA9ABF1084B3C83C357AA8A06154997644943
Malicious:	false
Reputation:	low
URL:	https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
Preview:	importScripts('https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js');

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1559)
Category:	downloaded
Size (bytes):	1560
Entropy (8bit):	5.351484495756339
Encrypted:	false
SSDEEP:
MD5:	5DCD4CF185DC313006FECF6D78AA9B4C
SHA1:	68BDB66BF48632902401EBD9346F11A785A43BEC
SHA-256:	0AD55B48EB16A2BA8590032305FD9FDAEEEF32FFB5EFE80C3703F5C4142B1C63
SHA-512:	4E659BA73168EFB680C9B8404A5678FC759456354530F01F0C08EE426EACDD99DDBEFE6DBFFC1A1811687804CC83D18496B13B8044E077516A67A59C9B894BBC
Malicious:	false
Reputation:	low
URL:	https://www.google.com/afs/ads/i/iframe.html
Preview:	<!doctype html><html><head><meta name="ROBOTS" content="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta content="origin" name="referrer"></head><body><div id="adBlock"></div><script nonce="N-t8a8gsb2vzIzG0BDZkqg">if (window.name.match(/^{"name":"master-\d+"/)) {var script = document.createElement('script');script.src = "/adsense/search/ads.js";var href = window.location.href;if (!!href && (href.indexOf('?pac=') > 0 \|\| href.indexOf('&pac=') > 0)) {if (href.indexOf('?pac=1') > 0 \|\| href.indexOf('&pac=1') > 0) {script.src += '?pac=1';} else if (href.indexOf('?pac=2') > 0 \|\| href.indexOf('&pac=2') > 0) {script.src += '?pac=2';} else {script.src += '?pac=0';}}document.head.appendChild(script);window.IS_GOOGLE_AFS_IFRAME_ = true;}function populate(el) {var adBlock = document.getElementById('adBlock');adBlock.innerHTML += el;}function getMaster() {var m = null;var pIndex = window.name.indexOf('\|');if (pIndex > -1 && window.name.charAt(0) != '{') {try {m = window.

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (56398), with no line terminators
Category:	downloaded
Size (bytes):	56398
Entropy (8bit):	5.907604034780877
Encrypted:	false
SSDEEP:
MD5:	EB4BC511F79F7A1573B45F5775B3A99B
SHA1:	D910FB51AD7316AA54F055079374574698E74B35
SHA-256:	7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
SHA-512:	EC9BDF1C91B6262B183FD23F640EAC22016D1F42DB631380676ED34B962E01BADDA91F9CBDFA189B42FE3182A992F1B95A7353AF41E41B2D6E1DAB17E87637A0
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAABUAAADSAC4K4y8AAA4oElEQVR42u2dCZRV1ZX3q5iE4IQIiKQQCKBt0JLEIUZwCCk7pBNFiRMajZrIl9aOLZ8sY4CWdkDbT2McooaAEmNixFhpaYE2dCiLScWiQHCgoGQoGQuhGArKKl7V+c5/n33fO/V4w733nVuheXuv9V/rrnvP2Xud3zvTPee+ewsKxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExP4OdtlT6ztAbRWvvLy8A3QkwxzH6tBGMMexI

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15086
Entropy (8bit):	3.090787153125625
Encrypted:	false
SSDEEP:
MD5:	DEF00C11B1596DB4EFEE6A9FBE64FC27
SHA1:	BD298981E6D8D7E4FFA18ABCF687041F4246672D
SHA-256:	95C427FA3143B1896FAF42A6406686CE7602CB39052081BB32D12B51C9E047E4
SHA-512:	C056E95DBFA1AAB3A50DFF18C6D577DBFFEA72C93316FFC53B6B7AA41DCC7707A810D563894589A7305DE0B76610F88150B2034670DE368773B2B356F14AD30F
Malicious:	false
Reputation:	low
URL:	http://img.sedoparking.com/templates/logos/sedo_logo.png
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$...................................................@...@...@...........................@...A...A. .A. .A. .A...A. .A. .A...@.......................@...@...@...........................................................................@...@...@...............@...A...A.U.@...@...@..@..@..@..@..@...@...@...@..@..@..@..@...@.}.A.U.A. .@...........@...@...............................................................@...........@...A...@.j.@...@..@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@..@.}.A...........@...@...................................................@.......A. .@.}.@..@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...A.G.....@...@...........................................@.......A.U.@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@...@

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 426 x 475, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	12642
Entropy (8bit):	7.8475443744478905
Encrypted:	false
SSDEEP:
MD5:	6DC0BAD9AA452FF871B282DABD47131E
SHA1:	01411E6726E033240CAA3926141A6ADBC18A2D73
SHA-256:	3059FBD6CD3550047483DCA4071C93E5CF4CC79CE8BAFC4388166FBC5279644B
SHA-512:	A8533391F3487677D739F950A4EC26A2AC46B345462AA9E2B087C3CB7B7CD4049B5EEEA8C51A1687BA5193A1D5E8F8412A4226169D5E7991F8008666684B3467
Malicious:	false
Reputation:	low
URL:	http://img.sedoparking.com/templates/bg/arrows.png
Preview:	.PNG........IHDR....................pHYs.................sRGB.........gAMA......a...0.IDATx..._l\.y...=#J.I.3.mI.6:CI.......vs...j.......H..po......e_.n..v...go.NZ....rdqT ....U ....."6.8.\I...;.....s.3g.\|?.Ej8#.N1........cx.`......T. ~Zy..../..#%......<..:m>u...g..;;.#G...G.x......L..$.)...p..c.#VT.f...Y..z..@rhO...~......UB.?.'.G.U..d....../.$bl.%...3E..>.If..u.`v~$b...a..fW.~Qk9(..\|...W...... .[}.f3....:.RC.....?..E...U.........JF.....L..jOTy..U.."...pB(R.:W.....M[}s.^.....\|..._0..K...`.s.R....T....+....f.>N...V.=w..##.V..P.b2..........-.~.......t..H.H.Z^..2..U..j.+.T..t...Z..g?.,-b./"...==.YE.H.P..."`gG.^}.". .r.=^...(T!cv...Q.......0;.....9y.o.....B.........Ul......C.X^%...XQ.T..%t...?^..._....B..c.. 0.<o.[....f_..Ovv.c.. 0.......w.}....fG.@(L^5w..'.....Q..Q........~.[..v2r\XE.@....[...3E...H.@.l^ul...Q..,..).. J.j^.g.'0.c..x...<.....K_..~.....,X......?.....m..B%....h8.>..)c....I.....`.3...@..j..zc.g?......z.qm>..@.\|&

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2067)
Category:	downloaded
Size (bytes):	150993
Entropy (8bit):	5.555269519363443
Encrypted:	false
SSDEEP:
MD5:	9D3DE16FFAF5349F74494395970AF904
SHA1:	90B0755BC85070D3B792DA70EB4FFC020D456463
SHA-256:	490ECD02BF2CF1B57342FE742C7FB181A3EF72CFF4DCFFBDA666BEC1FE8A394A
SHA-512:	1892A37B3D1BD7ABC44A5F01707301BE85474EB0EDEFF847377AEB8EA57D8374BD36364BB2D6786116467596E5EC983E3B33717C48A71A9BFDA1F848074FB683
Malicious:	false
Reputation:	low
URL:	https://www.google.com/adsense/domains/caf.js
Preview:	if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"3933795532330278469",packages:"domains",module:"ads",version:"1",m:{cei:"17300003",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",rsm:0,cdh:""}};var m;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&gl

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (689)
Category:	downloaded
Size (bytes):	472856
Entropy (8bit):	5.666687796633482
Encrypted:	false
SSDEEP:
MD5:	4EFC45F285352A5B252B651160E1CED9
SHA1:	C7BA19E7058EC22C8D0F7283AB6B722BB7A135D7
SHA-256:	253627A82794506A7D660EE232C06A88D2EAAFB6174532F8C390BB69ADE6636A
SHA-512:	CFC7AAE449B15A8B84F117844547F7A5C2F2DD4A79E8B543305AE83B79195C5A6F6D0CCF6F2888C665002B125D9569CD5C0842FDD2F61D2A2848091776263A39
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././.. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var t=function(){return[function(z,c,l,w,O,n,E,B){if(E=[28,4,2],(z&91)==z){n='<div class="'+X[O=["Tap the center of the <strong>cars</strong>","Tap the center of the <strong>street signs</strong>","rc-imageselect-desc-no-canonical"],40](61,O[E[2]])+c;switch(I[E[1]](E[0],w)?w.toString():w){case "TileSelectionStreetSign":n+=O[1];break;case "/m/0k4j":n+=O[0];break;case "/m/04w67_":n+="Tap the center of the <strong>mail boxes</strong>"}B=M(n+l)}if(12<=(z<<1&(z+E[1]>>E[1]<E[1]&&5<=((z^38)&15)&&(this.I=.c),(z\|16)==z&&(oG.call(this,c.eJ),this.type="action"),15))&&14>((z^10)&15))T[E[0]](22,function(H,x){T[20](8,this,x,H)},c,l);return B},functi

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://demo.zeeroq.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 74

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Static File Info

Windows Analysis Report
http://demo.zeeroq.com