Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

Overview

General Information

Sample URL:	https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44
Analysis ID:	1499774

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish54

Detected non-DNS traffic on DNS port

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,18210241806924396800,9894628172845726188,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4312 --field-trial-handle=1952,i,18210241806924396800,9894628172845726188,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.1.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish54

Source: Yara match

File source: 0.1.pages.csv, type: HTML

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Form action: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638603619332235697.NzlkZjcxMTUtMmJlMC00OGI4LTk3ZmYtNDdiZmNiM2NhOTdlY2M4NjU1YTQtYTBiMi00MzgwLWI3N2EtMzY5ZjY1N2Y0MzBm&prompt=none&nopa=2&state=CfDJ8LWN6nmb9HBGpcIJvpEgkL3zHAF6ZDuQpomPbNWHh1UtaxsTT51t0jSTTnbU_r9HJ8YOvHXlxEBJEA8jv1QyP-8DJHn96R1SagZoJt0o90FbK3f7dGjMU4-M2ydxI9q8xxPmX3p_BlfMFRQB05mvd6jp6TjoC8bXgEgAcuN4G-0M8DBcG5lpp-0Om-tDfwXXI6XUgedRZB1L7GG2ArVKKMAvJ2R-EW5WXVxXG_V6cJaxPTP1ITDdmHtWXLjXgI2uV28A9CGFAHSp0RvXeV9-GTcqLaX8nuTHwh_QJLZjsZEWDldAfbWmM8JIfCB0eNYUXxIkPMrl6hOolcHKQaAUfzA9WPCVrsNyVbgS3xxaav3Y&x-client-SKU=ID_NET6_0&x-client-ver=7.6.0.0&sso_reload=true microsoft microsoftonline

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Number of links: 0

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Base64 decoded: 79df7115-2be0-48b8-97ff-47bfcb3ca97ecc8655a4-a0b2-4380-b77a-369f657f430f

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Title: Redirecting does not match URL

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="author".. found

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="copyright".. found
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 173.223.108.114:443 -> 192.168.2.16:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.223.108.114:443 -> 192.168.2.16:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.16:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49954 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49788 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 173.223.108.114
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	DNS traffic detected: DNS query: support.content.office.net
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: microsoftwindows.112.2o7.net
Source: global traffic	DNS traffic detected: DNS query: amp.azure.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823

Source: unknown	HTTPS traffic detected: 173.223.108.114:443 -> 192.168.2.16:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.223.108.114:443 -> 192.168.2.16:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.16:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49954 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@18/6@32/365

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,18210241806924396800,9894628172845726188,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,18210241806924396800,9894628172845726188,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4312 --field-trial-handle=1952,i,18210241806924396800,9894628172845726188,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4312 --field-trial-handle=1952,i,18210241806924396800,9894628172845726188,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0014.t-0009.t-msedge.net	13.107.246.42	true	false		unknown
microsoftwindows.112.2o7.net	63.140.62.17	true	false		unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false		unknown
www.google.com	142.250.186.100	true	false		unknown
s-part-0045.t-0009.t-msedge.net	13.107.246.73	true	false		unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false		unknown
js.monitor.azure.com	unknown	unknown	false		unknown
c.s-microsoft.com	unknown	unknown	false		unknown
support.content.office.net	unknown	unknown	false		unknown
aadcdn.msftauth.net	unknown	unknown	false		unknown
login.microsoftonline.com	unknown	unknown	false		unknown
assets.onestore.ms	unknown	unknown	false		unknown
amp.azure.net	unknown	unknown	false		unknown
mem.gfx.ms	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.246.42	s-part-0014.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.170	unknown	United States		15169	GOOGLEUS	false
152.195.19.97	unknown	United States		15133	EDGECASTUS	false
20.42.72.131	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.16.164.120	unknown	European Union		20940	AKAMAI-ASN1EU	false
2.16.164.121	unknown	European Union		20940	AKAMAI-ASN1EU	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
93.184.221.200	unknown	European Union		15133	EDGECASTUS	false
23.192.249.186	unknown	United States		16625	AKAMAI-ASUS	false
104.124.11.170	unknown	United States		20940	AKAMAI-ASN1EU	false
20.190.160.14	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
184.28.89.233	unknown	United States		16625	AKAMAI-ASUS	false
2.19.126.141	unknown	European Union		16625	AKAMAI-ASUS	false
2.19.126.163	unknown	European Union		16625	AKAMAI-ASUS	false
40.79.167.8	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
88.221.110.179	unknown	European Union		20940	AKAMAI-ASN1EU	false
142.250.185.67	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States		15169	GOOGLEUS	false
13.107.246.73	s-part-0045.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.16.206	unknown	United States		15169	GOOGLEUS	false
63.140.62.17	microsoftwindows.112.2o7.net	United States		15224	OMNITUREUS	false
23.9.166.16	unknown	United States		16625	AKAMAI-ASUS	false
88.221.169.152	unknown	European Union		16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
20.190.160.22	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.131	unknown	United States		15169	GOOGLEUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
142.250.186.142	unknown	United States		15169	GOOGLEUS	false
142.250.186.100	www.google.com	United States		15169	GOOGLEUS	false
88.221.168.116	unknown	European Union		16625	AKAMAI-ASUS	false
96.7.169.183	unknown	United States		262589	INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR	false

Private

IP
192.168.2.16
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499774
Start date and time:	2024-08-27 15:24:55 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@18/6@32/365

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 88.221.168.116, 108.177.15.84, 142.250.186.142, 34.104.35.123
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 12:25:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.987974667869716
Encrypted:	false
SSDEEP:
MD5:	CE2F915B55ADB0B39824F8F3A9BE1B63
SHA1:	3AD5405E010AA30620B0A7245EEACC0C16E06BF9
SHA-256:	3422B466177884B8F16B77A9788ACE6123774D63CD752CB2889AFF4C246A7FEE
SHA-512:	D15C34E5F21B7527D4B1B2B3F3D7C05BAEF763D065C6CA437A42FD34EC61C8DE4F7600904B9A3A8A9999C0AB7E8290D5DB221D4933F3DCCC69AED21499D91CCD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y%k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y,k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y,k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y,k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y-k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 12:25:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.001811614091547
Encrypted:	false
SSDEEP:
MD5:	6404E644C6F4D41E1FCD5C0ACFF8D86D
SHA1:	065564DFB8E6D4A1B92BC68C797D946A695F302E
SHA-256:	04D8801278AE17EFA78B2FA7169823EAB0EB573CDE77FCDDAB7A739835B2C7E6
SHA-512:	0305A236743D9921C96FB69FA833735E9EA9D3443481F1C3D7037B010A37BC19A4B1520C007581C0B623D5E722169592232D6557A207818B25730CBB49769224
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....l.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y%k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y,k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y,k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y,k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y-k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.008971244741807
Encrypted:	false
SSDEEP:
MD5:	345C3705655A65DBFCD3568505DF69F1
SHA1:	B8FEA04BAD2AEF9C37EC21792A6626926E45D7FD
SHA-256:	046466C190BF76BBD7E892615C60916FC4E739FDE330AD5E05FB6F1496D0BBF5
SHA-512:	FF899349DE4624A13A2D5A18F65D23C23CE67EC868C9EE33C7EE18745324FDB7999449EAFD0AE07614A1BD3E42C7091E8081283B77B43BF86248FCD021FCCEC8
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y%k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y,k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y,k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y,k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 12:25:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.000204583797017
Encrypted:	false
SSDEEP:
MD5:	55D3FA8B521B497C23AFC185D7AD837B
SHA1:	896128F6128063F20617CB9EA736A34555CE8C21
SHA-256:	40EDA7F9728C5D1F0E52009E32E025F5A0374E386F5C01AD9D918F2A45EDA710
SHA-512:	A1F1ECB0C6E090F609B851D3C4A436420D9BF8B825C9F95D41A97804CB390F2D9D1D7B6DBDB41C3E53AD20BBD654F419D78D298FCD18797CDCB2693583F82798
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....z......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y%k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y,k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y,k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y,k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y-k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 12:25:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992146796609537
Encrypted:	false
SSDEEP:
MD5:	8634BF5F3394FCD8E86EC9A0EB34492C
SHA1:	91E342AD4E51EC5E7791850D819AC69D8584C4C3
SHA-256:	EB6869E89F14FF7AB310F5C73BEAD5CB574C10AC011C11744572FC492E945AB2
SHA-512:	72D82F530E5DAC571C00FCAC3D506D767F82D8713463F069F35FCC5BFB4AF722A2B8EBD5FAB06513901268A4E029CC2553E345D28BDCC56D4600A74351933271
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y%k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y,k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y,k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y,k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y-k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 12:25:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000992865252472
Encrypted:	false
SSDEEP:
MD5:	BF33F51DE73E28BD8C97B5F066489737
SHA1:	FD01E7917791879E383DC8C28630E0DF7B781049
SHA-256:	A97EAA952F38EB03DC28E5F12685B71C5EF85C9F711C790BC60C59792D353804
SHA-512:	1EC394AF2623B1D01D1F4EC332ABD765F3045CEF16F3B381445752CA076EF8338DF50CF2C1FF15CEF4102600FCEA514D1BAF780EFD8CC6F8F921CC37AEE68E0B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y%k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y,k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y,k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y,k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y-k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info