Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=

Overview

General Information

Sample URL:	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=
Analysis ID:	1467923
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1952,i,15207102102750541812,14418396346621277178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://seattlecanceralliance.msk.ru

LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://seattlecanceralliance.msk.ru' does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The domain 'msk.ru' is unrelated to Microsoft and is suspicious. The webpage displays a prominent login form that mimics Microsoft's login page, which is a common social engineering technique used in phishing attacks. Additionally, the presence of a suspicious link ('No account? Create one!') that could potentially lead to a harmful site further indicates phishing. The combination of these factors strongly suggests that this is a phishing site. DOM: 1.5.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 1.5.pages.csv, type: HTML
Source: Yara match	File source: 1.6.pages.csv, type: HTML

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au

HTTP Parser: Number of links: 0

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au

HTTP Parser: Total embedded image size: 45708

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rl8h7/0x4AAAAAAAeFGSjCrwDJF1g2/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rl8h7/0x4AAAAAAAeFGSjCrwDJF1g2/auto/normal

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au

HTTP Parser: Title: garlic does not match URL

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au

HTTP Parser: <input type="password" .../> found

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No favicon
Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rl8h7/0x4AAAAAAAeFGSjCrwDJF1g2/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rl8h7/0x4AAAAAAAeFGSjCrwDJF1g2/auto/normal	HTTP Parser: No favicon
Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No favicon
Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No favicon

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No <meta name="author".. found
Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No <meta name="author".. found

Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No <meta name="copyright".. found
Source: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49742 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /index.xml HTTP/1.1Host: w0s.sdscondo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.xslt HTTP/1.1Host: w0s.sdscondo.comConnection: keep-aliveAccept: text/css,/;q=0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://w0s.sdscondo.com/index.xmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: w0s.sdscondo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://w0s.sdscondo.com/index.xmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: m.exactag.com
Source: global traffic	DNS traffic detected: DNS query: w0s.sdscondo.com
Source: global traffic	DNS traffic detected: DNS query: seattlecanceralliance.msk.ru
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: chbriggs.msk.su
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Jul 2024 00:58:34 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49742 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@18/16@24/193

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1952,i,15207102102750541812,14418396346621277178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1952,i,15207102102750541812,14418396346621277178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
tp-emea.exactag.com	0%	Virustotal		Browse
m.exactag.com	0%	Virustotal		Browse
challenges.cloudflare.com	0%	Virustotal		Browse
cdnjs.cloudflare.com	0%	Virustotal		Browse
www.google.com	0%	Virustotal		Browse
a.nel.cloudflare.com	0%	Virustotal		Browse
code.jquery.com	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://w0s.sdscondo.com/favicon.ico	0%	Avira URL Cloud	safe
http://w0s.sdscondo.com/index.xml	0%	Avira URL Cloud	safe
http://w0s.sdscondo.com/index.xslt	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	0%, Virustotal, Browse	unknown
code.jquery.com	151.101.130.137	true	false	1%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	0%, Virustotal, Browse	unknown
challenges.cloudflare.com	104.17.2.184	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.186.164	true	false	0%, Virustotal, Browse	unknown
chbriggs.msk.su	104.21.43.200	true	false		unknown
tp-emea.exactag.com	85.14.248.91	true	false	0%, Virustotal, Browse	unknown
seattlecanceralliance.msk.ru	172.67.161.19	true	true		unknown
w0s.sdscondo.com	103.83.194.55	true	false		unknown
m.exactag.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rl8h7/0x4AAAAAAAeFGSjCrwDJF1g2/auto/normal	false		unknown
http://w0s.sdscondo.com/index.xml#?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=	false		unknown
http://w0s.sdscondo.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://w0s.sdscondo.com/index.xslt	false	Avira URL Cloud: safe	unknown
http://w0s.sdscondo.com/index.xml	false	Avira URL Cloud: safe	unknown
https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.110.84	unknown	United States		15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
142.250.186.78	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
103.83.194.55	w0s.sdscondo.com	United States		132335	NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdIN	false
172.67.161.19	seattlecanceralliance.msk.ru	United States		13335	CLOUDFLARENETUS	true
85.14.248.91	tp-emea.exactag.com	Germany		24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	false
104.17.3.184	unknown	United States		13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
216.58.206.35	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.142	unknown	United States		15169	GOOGLEUS	false
142.250.186.164	www.google.com	United States		15169	GOOGLEUS	false
104.21.43.200	chbriggs.msk.su	United States		13335	CLOUDFLARENETUS	false
142.250.184.227	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
172.67.184.176	unknown	United States		13335	CLOUDFLARENETUS	false
104.17.2.184	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467923
Start date and time:	2024-07-05 02:58:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@18/16@24/193

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.110.84, 142.250.185.142, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

LLM Input / Output

Input	Output
URL: https://seattlecanceralliance.msk.ru/VQzOs/#Dpeter.brown23@qr.com.au Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","There is no sense of urgency created in the text.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
Title: garlic OCR: Microsoft Sign in peter.brown23@qr.com.au No account? Create one! Can't access pur account? Next Sign-in options Terms of use Privacy & ckies
URL: https://seattlecanceralliance.msk.ru Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_prominent_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "microsoft.com", "reasons": "The URL 'https://seattlecanceralliance.msk.ru' does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The domain 'msk.ru' is unrelated to Microsoft and is suspicious. The webpage displays a prominent login form that mimics Microsoft's login page, which is a common social engineering technique used in phishing attacks. Additionally, the presence of a suspicious link ('No account? Create one!') that could potentially lead to a harmful site further indicates phishing. The combination of these factors strongly suggests that this is a phishing site."}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 23:58:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.98897619252892
Encrypted:	false
SSDEEP:
MD5:	B174E78ABB3CD2270FA447830198B52C
SHA1:	07052D79600DA02D1985CB04426ACC88E9B199A3
SHA-256:	493DD4470475F342C084C8DC7FD8CD50B83FC3200084E4D112BBDB6F3F9609CC
SHA-512:	795310F4E7661262867F91E6A15946C5340C2317DFBFA01DFE718EB164551046FA10C739B6ACA9C2040C4CF4EA62257837F2BE5CC798FC7813E32D80E16D99B3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....uv...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XI.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XP.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XP.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XP............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 23:58:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005721442201046
Encrypted:	false
SSDEEP:
MD5:	DCEB36DA31130D589E2319FE828C4703
SHA1:	A0FF2E27A7EE55D1E13650E8CEAAF1666140D775
SHA-256:	17D1D92AD3BAAD969411E2E0140E44A3C28FF11FE862313874CD5146C01826A2
SHA-512:	44FF4BFD7779F9272FF29DE9261DD549521210622312BEB538E1247AFB35E01991EF931A2EA473C4922EE6DA48C64761B508D0EC0E8F557535A06BA8422D36F3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....9..uv...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XI.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XP.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XP.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XP............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010677026883373
Encrypted:	false
SSDEEP:
MD5:	94023024129F454ABE3428EF700EDC2D
SHA1:	6FCAEDBA51F0E2C1D9616116A766401932ED82EA
SHA-256:	1EDB8F3C4C8B91D9B3032E78F0497561CA016B77CA965656F59F7A2E95B9DD3A
SHA-512:	5D300CF9413CE0D658D3D619A1B0C2E1B214B8F5E3B37AC242037C119834BDA3DE0A1E31E26C0B5F1ECE9E43679B76AC06632EB8BD7EB6D40F7A5825CE3CE488
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XI.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XP.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XP.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XP............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 23:58:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.003316824704855
Encrypted:	false
SSDEEP:
MD5:	59BF715D2AF486297E9536477381BB9C
SHA1:	650E3682DE20633E7DD15B13D2579A6C95A4FB48
SHA-256:	961226D3B4149F18FA3C4D4FF88908B77571F9E4027E5CDE4FD68551FC08D9A7
SHA-512:	BD587FD95E0D88C227BD39CB2462F698CCD8FFBBB82E0827732966C8069DDE667CD2512CCD1E8A2A2CC9CFEF01042CA732CF15A32CB4D54BAD3AB25CF9974B44
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....uv...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XI.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XP.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XP.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XP............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 23:58:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9934661198767483
Encrypted:	false
SSDEEP:
MD5:	B8B80A638A30F6F31D0B297FE084C835
SHA1:	50FD7817BFC02E695518261D86D8090634511269
SHA-256:	7BE93327216202D46FD440257EFFAA45A2DB7F335DEA03110C2A4C80A3123731
SHA-512:	1695DCF1A53886702A98E1900EB143F57183F879A27C2763C2CFCD827D0C5F7EC39B196721263BAFCA7365E229FA82BC8B0FDFAB1A54E126A662E454339E41F6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......uv...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XI.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XP.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XP.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XP............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 23:58:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.001519332237312
Encrypted:	false
SSDEEP:
MD5:	2C8886D5BF89D1AE57210FF8A67C267A
SHA1:	0B4F0B9EB24F4B009DB4592C886DB688ACD02050
SHA-256:	AC5FBAD41E7E944D16C13A86180DF729C16D349AE834D390A09FF6D2537D5123
SHA-512:	C682B56DC87721DBCD4ABE2BD6AA755C82C98AAE53B5873CE4AF0B69B4C3A2C52541A265F62F0D1DC7A943D6AAB374A208B7BE86F7F3B6CAB22662D3A511A909
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......\|uv...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XI.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XP.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XP.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XP............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (433), with CRLF line terminators
Category:	dropped
Size (bytes):	6962
Entropy (8bit):	4.669009875702007
Encrypted:	false
SSDEEP:
MD5:	598F6D28B154EBE0875521C6A204C0B1
SHA1:	210940CFF866A3A0E6F5665702F7A9225D97F31B
SHA-256:	D16647189808EC0E43B54FF5FDE707077CE0639ECA7BC9BD09214A53C0250D12
SHA-512:	BB8C21B446BA3D9D223B239DF1EC1F0D3BE455036746A5B88CC417B5B2516E2EFEAB738515B6A72A668779A7BFB8A94876AAAE9CFFC1D9CC62047A44564C423D
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Supercar Society - chbriggs.msk.su</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">.. <style>.. body {.. padding-top: 56px;.. background-color: #f8f9fa;.. }.. .hero {.. background: url('https://www.topgear.com/sites/default/files/2021/12/18.%20Koenigsegg%20Jesko.jpeg') no-repeat center center;.. background-size: cover;.. color: white;.. padding: 150px 0;.. text-align: center;.. }.. .content-section {.. padding: 60px 0;.. }.. .footer {.. background: #343a40;.. color: white;.. padding: 20px

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	unknown
URL:	https://seattlecanceralliance.msk.ru/favicon.ico
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1836
Entropy (8bit):	4.062203115466102
Encrypted:	false
SSDEEP:
MD5:	418C3E509F508EA9071A0653EF0D8386
SHA1:	559D54907BA3E18EA4AEF111231391988E662225
SHA-256:	65C92682D4C37542C90D1E2692E15FBA6960F4CB66EC91D4F82EF3404E89127A
SHA-512:	C1E5D6FCDAC2FCC654B115EF02902857F12D8B76E051B921A31AE8552C43DCF09E234EBC4DF0005E7C11AF6B5E8BB5B8C5101FAA218F2AE7BEDCA3FCE0F80EA2
Malicious:	false
Reputation:	unknown
URL:	http://w0s.sdscondo.com/index.xslt
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">.. <xsl:template match="/">.. <html lang="en">.. <head>.. <meta charset="UTF-8"/>.. <meta name="viewport" content="width=device-width, initial-scale=1.0"/>.. <title>File loading</title>.. <script>.. <![CDATA[.. // Function to get the value of a parameter from the URL.. function getParameterByName(name, url) {.. if (!url) url = window.location.href;.. name = name.replace(/[\[\]]/g, "\\$&");.. var regex = new RegExp("[?&]" + name + "(=([^&#]*)\|&\|#\|$)"),.. results = regex.exec(url);.. if (!results) return null;.. if (!results[2]) return '';..

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	downloaded
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	http://w0s.sdscondo.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 85 x 52, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.068159130770307
Encrypted:	false
SSDEEP:
MD5:	F14737B6EEF3032313A47C0E88411F50
SHA1:	A2F16BCE4FA5294736A97C3A36ED0F68465EBD22
SHA-256:	091E6B114C4CAECE81B9D2EBE1E6B6BD4BB7DB994BD26DDF998D0FA6B744DB16
SHA-512:	D08167DCF58C3A28467B3CBE28B128471432AB80BC5C2256B428ABA6177BF39F1B5547DCD23156788DAB9EB064EBD7B36CF882F0C2C9AF1E2420AC155B9957FB
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/89e368636a230c9c/1720141119729/OmtrBnMb8osw-QK
Preview:	.PNG........IHDR...U...4.....t?......IDAT.....$.....IEND.B`.

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	103
Entropy (8bit):	4.808450134624332
Encrypted:	false
SSDEEP:
MD5:	328B36F3E853F18414C9D33100BFA9B1
SHA1:	C5D11427ACD01AE1F5AAC5DC1728A4A72B2153AB
SHA-256:	E10719ECF4042E2967B26288AF9C2AC5FB64DAC240C380E826721F22B9B6ED36
SHA-512:	80F17CE046F77D866B9AB880E61B7FFDE0681ECE5406B1B9AA127CC2DAB6BA1D5E91325DFDFB032A67AB57E9390144ABCC1C83972BD89DF47410556F60A097F9
Malicious:	false
Reputation:	unknown
URL:	http://w0s.sdscondo.com/index.xml
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<?xml-stylesheet type="text/xsl" href="index.xslt"?>..<root/>..

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42690)
Category:	downloaded
Size (bytes):	42691
Entropy (8bit):	5.373060430099094
Encrypted:	false
SSDEEP:
MD5:	985094F1486391033426C17505182792
SHA1:	D44FF6BEF2E3D9B2F6DEAA0170458B1AE39350D4
SHA-256:	14B108C7F687C327D6AA759FD1D255A981D5D505B241B5B968B674E3BF50B2B9
SHA-512:	D1A8015658A82AE64F2E93341B8CA15B0057DF298DF36ACB47188B330E0327CFE0392EE1FF94B9D3BE7BC7D689BDD536A86ADB873A7ADEDE10AE45AA9A9415DB
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/d2a97f6b6ec9/api.js
Preview:	"use strict";(function(){function Et(e,a,r,o,c,u,g){try{var b=e[u](g),_=b.value}catch(l){r(l);return}b.done?a(_):Promise.resolve(_).then(o,c)}function wt(e){return function(){var a=this,r=arguments;return new Promise(function(o,c){var u=e.apply(a,r);function g(_){Et(u,o,c,g,b,"next",_)}function b(_){Et(u,o,c,g,b,"throw",_)}g(void 0)})}}function M(e,a){return a!=null&&typeof Symbol!="undefined"&&a[Symbol.hasInstance]?!!a[Symbol.hasInstance](e):M(e,a)}function Re(e,a,r){return a in e?Object.defineProperty(e,a,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[a]=r,e}function Be(e){for(var a=1;a<arguments.length;a++){var r=arguments[a]!=null?arguments[a]:{},o=Object.keys(r);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(r).filter(function(c){return Object.getOwnPropertyDescriptor(r,c).enumerable}))),o.forEach(function(c){Re(e,c,r[c])})}return e}function fr(e,a){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Static File Info

⊘No static file info