Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0

Overview

General Information

Sample URL:	https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0
Analysis ID:	1510147

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

HTML page contains hidden URLs

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1972,i,12507484742753693452,17772147596204214106,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

LLM: Score: 0 Reasons: The domain 'pub-03a94b366f924d73997765875d0e6b81.r2.dev' does not match the legitimate domain associated with Microsoft, which is'microsoft.com'. The presence of the 'dev' top level domain and the 'pub' subdomain suggests that this is a development environment, possibly for testing or internal use, rather than a legitimate Microsoft webpage. DOM: 304.11.pages.csv

HTML page contains hidden URLs

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: https://cmowunfermlndorminantckrewzoo.lol/GARCIA/dcdf4a8.php

Phishing site detected (based on favicon image match)

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 278.9

OCR Text: Work Order & Pay 100% OneDrive for Business Brandi shared a folder with you. Here's the folder grandi shared with you. You Have received 3 for your revie w. This message was sent to you to protect sensitive information. Date created: 09/05/2024 09:30 AM 2.3 M 3.Expiry 110/05/2024 Ref: Review Shared Documents from Brandi "Click View and Print Online" DOW1110ad the app uu for Windows TO W't.n this sent' 10. "w Click View and Online" "

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: Number of links: 0

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: Total embedded image size: 31111

Source: https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0

HTTP Parser: Base64 decoded: idx_ai_control_center

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: Title: Sign in to Outlook does not match URL

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: Invalid link: Forgot my password

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Downloads/Work%20Order%20&%20Pay%20App.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/Work%20Order%20&%20Pay%20App.pdf	HTTP Parser: No favicon
Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html	HTTP Parser: No favicon

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: No <meta name="author".. found

Source: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:50045 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 29MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: www.dropbox.com
Source: global traffic	DNS traffic detected: DNS query: cfl.dropboxstatic.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: uc5a1b9bcddbfdcf24f27aa76912.previews.dropboxusercontent.com
Source: global traffic	DNS traffic detected: DNS query: fp.dropbox.com
Source: global traffic	DNS traffic detected: DNS query: use1-turn.fpjs.io
Source: global traffic	DNS traffic detected: DNS query: www.dropboxstatic.com
Source: global traffic	DNS traffic detected: DNS query: uce3be385a7bf3e7836869b0a870.previews.dropboxusercontent.com
Source: global traffic	DNS traffic detected: DNS query: d.dropbox.com
Source: global traffic	DNS traffic detected: DNS query: uc497f9c9c14c3e2f2b27f375ac9.dl.dropboxusercontent.com
Source: global traffic	DNS traffic detected: DNS query: pub-03a94b366f924d73997765875d0e6b81.r2.dev
Source: global traffic	DNS traffic detected: DNS query: cmowunfermlndorminantckrewzoo.lol
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 50395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50561 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 50366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50502
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 50423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50500
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50537 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50509
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 50502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50516
Source: unknown	Network traffic detected: HTTP traffic on port 50550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 50332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 50544 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 50326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50403
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50402
Source: unknown	Network traffic detected: HTTP traffic on port 50492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50555 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50549 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50408
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50401
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50493
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50447 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50379
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50382
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50389
Source: unknown	Network traffic detected: HTTP traffic on port 50516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50393
Source: unknown	Network traffic detected: HTTP traffic on port 50413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50533 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 50551 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50545 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50562 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 50552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown	Network traffic detected: HTTP traffic on port 50414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50452
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 50357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50454
Source: unknown	Network traffic detected: HTTP traffic on port 50500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50332
Source: unknown	Network traffic detected: HTTP traffic on port 50334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50453
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50557 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50472
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50473
Source: unknown	Network traffic detected: HTTP traffic on port 50351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50475
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50477
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50243
Source: unknown	Network traffic detected: HTTP traffic on port 50393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 50541 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50492
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50537
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50539
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50538
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50412
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50533
Source: unknown	Network traffic detected: HTTP traffic on port 50338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50411
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50532
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50546
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50545
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50547
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50549
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50547 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50553 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50509 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50540
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50542
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50541
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 50356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50544
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50543
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50560 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 50367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 50493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50557
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50556
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50559
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50449 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50551
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50550
Source: unknown	Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50553
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50555
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50554
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 50477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50447
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50449
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50448
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 50421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50560
Source: unknown	Network traffic detected: HTTP traffic on port 50559 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50562
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50440
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50561
Source: unknown	Network traffic detected: HTTP traffic on port 50333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:50045 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@25/8@52/216

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1972,i,12507484742753693452,17772147596204214106,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1972,i,12507484742753693452,17772147596204214106,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: file:///C:/Users/user/Downloads/Work%20Order%20&%20Pay%20App.pdf

LLM: Page contains button: 'Click View and Print Online' Source: '278.9.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Downloads/Work%20Order%20&%20Pay%20App.pdf	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
use1-turn.fpjs.io	35.157.212.223	true	false		unknown
edge-block-www-env.dropbox-dns.com	162.125.66.15	true	false		unknown
cmowunfermlndorminantckrewzoo.lol	137.184.176.204	true	true		unknown
static-iad.v.dropbox.com	162.125.21.1	true	false		unknown
s-part-0029.t-0009.t-msedge.net	13.107.246.57	true	false		unknown
edge-block-previews-env.dropbox-dns.com	162.125.66.16	true	false		unknown
code.jquery.com	151.101.194.137	true	false		unknown
cdnjs.cloudflare.com	104.17.24.14	true	false		unknown
static-pdx.v.dropbox.com	162.125.40.3	true	false		unknown
www-env.dropbox-dns.com	162.125.66.18	true	false		unknown
d-edge.v.dropbox.com	162.125.6.20	true	false		unknown
www.google.com	142.250.185.228	true	false		unknown
pub-03a94b366f924d73997765875d0e6b81.r2.dev	104.18.3.35	true	true		unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false		unknown
fp.dropbox.com	18.239.36.2	true	false		unknown
uc5a1b9bcddbfdcf24f27aa76912.previews.dropboxusercontent.com	unknown	unknown	false		unknown
cfl.dropboxstatic.com	unknown	unknown	false		unknown
uc497f9c9c14c3e2f2b27f375ac9.dl.dropboxusercontent.com	unknown	unknown	false		unknown
www.dropboxstatic.com	unknown	unknown	false		unknown
d.dropbox.com	unknown	unknown	false		unknown
www.dropbox.com	unknown	unknown	false		unknown
uce3be385a7bf3e7836869b0a870.previews.dropboxusercontent.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Downloads/Work%20Order%20&%20Pay%20App.pdf	true	Avira URL Cloud: safe	unknown
https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html	true		unknown
https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&e=1&st=r8w1wv0v&dl=0	false		unknown
https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?dl=0&e=1&preview=Work+Order+%26+Pay+App.pdf&rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v	false		unknown
https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States		15169	GOOGLEUS	false
18.196.235.131	unknown	United States		16509	AMAZON-02US	false
104.18.3.35	pub-03a94b366f924d73997765875d0e6b81.r2.dev	United States		13335	CLOUDFLARENETUS	true
162.125.8.20	unknown	United States		19679	DROPBOXUS	false
104.16.100.29	unknown	United States		13335	CLOUDFLARENETUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
137.184.176.204	cmowunfermlndorminantckrewzoo.lol	United States		11003	PANDGUS	true
162.125.6.20	d-edge.v.dropbox.com	United States		19679	DROPBOXUS	false
162.125.40.3	static-pdx.v.dropbox.com	United States		19679	DROPBOXUS	false
162.125.21.1	static-iad.v.dropbox.com	United States		19679	DROPBOXUS	false
104.16.99.29	unknown	United States		13335	CLOUDFLARENETUS	false
151.101.194.137	code.jquery.com	United States		54113	FASTLYUS	false
142.250.186.99	unknown	United States		15169	GOOGLEUS	false
162.125.66.16	edge-block-previews-env.dropbox-dns.com	United States		19679	DROPBOXUS	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
162.125.66.18	www-env.dropbox-dns.com	United States		19679	DROPBOXUS	false
108.177.15.84	unknown	United States		15169	GOOGLEUS	false
13.107.246.57	s-part-0029.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.71.84	unknown	United States		15169	GOOGLEUS	false
142.250.185.110	unknown	United States		15169	GOOGLEUS	false
162.125.66.15	edge-block-www-env.dropbox-dns.com	United States		19679	DROPBOXUS	false
142.251.173.84	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.195	unknown	United States		15169	GOOGLEUS	false
142.250.184.238	unknown	United States		15169	GOOGLEUS	false
18.239.36.2	fp.dropbox.com	United States		16509	AMAZON-02US	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1510147
Start date and time:	2024-09-12 16:15:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@25/8@52/216

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.185.110, 74.125.71.84, 34.104.35.123, 104.16.100.29, 104.16.99.29
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com, cfl.dropboxstatic.com.cdn.cloudflare.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.dropbox.com/scl/fo/dypnewy032frqiop6d7gh/AGQRgoJcNqKPbhsYQheP8nM?rlkey=t6ozmhhbporfamqnz8ddx2in0&st=r8w1wv0v&dl=0

LLM Input / Output

Input	Output
URL: file:///C:/Users/user/Downloads/Work%20Order%20&%20Pay%20App.pdf Model: jbxai	{ "brand":["OneDrive for Business"], "contains_trigger_text":true, "prominent_button_name":"Click View and Print Online", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":true, "prominent_button_name":"Next", "text_input_field_labels":["Email, phone, or Skype", "Can't access your account?"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://pub-03a94b366f924d73997765875d0e6b81.r2.dev/statementonedrivedoc.html Model: jbxai	{ "phishing_score":0, "brands":["Microsoft"], "brand_matches_associated_domain":false, "reasons":"The domain 'pub-03a94b366f924d73997765875d0e6b81.r2.dev' does not match the legitimate domain associated with Microsoft, which is'microsoft.com'. The presence of the 'dev' top level domain and the 'pub' subdomain suggests that this is a development environment, possibly for testing or internal use, rather than a legitimate Microsoft webpage.", "brand_matches":[false], "url_match":false}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 13:16:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9706768281106086
Encrypted:	false
SSDEEP:
MD5:	AFA3894299339823E12473A48644DF01
SHA1:	4DB5060E140A8B71A7E8D3BD1AC3C88A5B714A39
SHA-256:	6DD81D5C0B33C68F86E8BFA0EF82760E4AEFC2DEED8A4A14306EE03BCFB24779
SHA-512:	92D62B959D350374A0A2768D14B43E5DCDB70B2659DF78CF7DAD3C33A667F35709C8967013B5DD74D177002F35681179CC3286EA83AC9A3E351B65B91A3A9943
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......M....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>.s......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 13:16:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.986965114084422
Encrypted:	false
SSDEEP:
MD5:	3532DB0EEA09C940937A33AAC883C4ED
SHA1:	7209ACA4D4B1E4749E7A6DD0D84D4AF169986C00
SHA-256:	05F5541649305D9CEC329ADECCA6125D417A8BA0A69C456A965CFCDFF9138016
SHA-512:	58CD07D883D19639AA8328FF3C0E3B794C16ED3EC548A8F04813EE04DDD1639351EC0B72A082555869E0364EF9598A0CCAC3E46C3E911991F565EDEF7B6A85C9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......M....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>.s......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	3.996397205000167
Encrypted:	false
SSDEEP:
MD5:	6B797C2F9276BC6D67DBEDFDD99B3667
SHA1:	4B7A142127100330BB6125D030C65E09BF1E7556
SHA-256:	B3EECDEE3602992AE71C734769138FD2B61FD81CFE7D98070B9325DD7AF4638F
SHA-512:	8EFC624B8D4423534E6DAD534BC622CF33A90C94B7C76946CC183EFDC17F2C477CBD0427A36D44DC5ECF04BE47EDF6E72ACCA3EC12F7C0F2D5AB794A717BECE3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>.s......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 13:16:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9855131216379998
Encrypted:	false
SSDEEP:
MD5:	69E2702573A7DA72C2B54792BDEDD0E4
SHA1:	6E7CF2F20DB91BB88F093C8F06EB24663F453402
SHA-256:	2FAFEF3F9DC3D25F7E5D80E3CFC9E741FC5FE6C98F5AD3A684AF11C5EC889E26
SHA-512:	383AD2CD09DA4C811A346A78C24155872DEF45407D21D7C9F2B0D384CCEE0FA7FADF5496E9F8901A5BA32B0219018DFD3803B560EE88364674CBF2DB4EBF2F92
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....a.M....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>.s......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 13:16:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.973385102793769
Encrypted:	false
SSDEEP:
MD5:	D18DA880FEED82561EA1F704364FAD75
SHA1:	EC0CC3A5F781469D2A0211F7A727A7BCCBC09D7D
SHA-256:	6BA4983211EFB32A863877EAAFC5FC2B2D798662CB5526FA93FD4C9B097AC428
SHA-512:	04902C5DAC4CE886CAB18C621E24E9CD013882B8CA4C078116C747F52B4CFB27E106B80D849D2E2299F0C0FB50870A5D27125A7A693FAB6D0E8200279CF383E3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....S..M....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>.s......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 13:16:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9828941324809546
Encrypted:	false
SSDEEP:
MD5:	9268555E8739BA53AC37D9AC14EC38E5
SHA1:	960C72B8C7496B1F1B89C69A52EA90B6B2297A1F
SHA-256:	F3D8AD0040AB0D06383821E1AEECE62838174778789F49E6F16363321C50F709
SHA-512:	84252CC0CC09CF044FE6663A93B524C2485B04A5A41AB83F620A5817FF5E2F8F631459E1D362802862606310FC1121BF26E944DC04719D939A36A0C4F2A4CFCC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......M....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>.s......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\38a4f666-d114-4b3a-a658-52009a5e5126.tmp

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	15609
Entropy (8bit):	7.720309236416813
Encrypted:	false
SSDEEP:
MD5:	ABB5DE34DE336B969777125D35601B18
SHA1:	0BBADE2A7EBB9E33805BE8BCD9DDB9A91C673F9C
SHA-256:	136D88FB417E24C52B166DFEDB5E58E86FC99696C3E0C9CB184FA2436A588FCF
SHA-512:	158ED18B1C16417D582DF83571C33985F8A80BDF60AB414E589E734679FB0EFC77AF2568778F782390A3B77CFBFBFF8026E43D1D3D7CAAD87B543D9021200FC1
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 21 0 R/MarkInfo<</Marked true>>/Metadata 78 0 R/ViewerPreferences 79 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image15 15 0 R/Image19 19 0 R/Image20 20 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 13 0 R 14 0 R 18 0 R] /MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2979>>..stream..x..]mo.6... .A.'....S\......,...W.....8.q.d..n......e[.D.P..YD.d..pfH>$.......o/...M....\|.:....+..8.2...Z'.....................C:..2%3*.N.... ...mv..yfwtW.w?...3..eW.=?{.9.r~..}.:......D.y.S.JY.&..'....1.S.#...hY.6.....p.{....^Z....k..(.EimHQ...a.\.T..+..R..P7Xi...I..........t.`..q@x.HZ........CfW..j.O.E..S.=!r.J........

C:\Users\user\Downloads\Work Order & Pay App.pdf (copy)

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	D463AA6D4D2B4ACDD13678CEE22C3BF3
SHA1:	F66A6EAD8735154725DFE492320FB673679546FC
SHA-256:	4A08006E2CB8BD5D87F16AE4E841D0089E75EE12319FEAB4A4FF9668CF958AA6
SHA-512:	A47CE212E4F141CCB7324D4C63348288FBD0B60D952C543DA62E982BFD879061273C3F35B43B46FD46A6516531D0DAC0B6D9725CE6904371CDF9EBBC6A76E341
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 21 0 R/MarkInfo<</Marked true>>/Metadata 78 0 R/ViewerPreferences 79 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image15 15 0 R/Image19 19 0 R/Image20 20 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 13 0 R 14 0 R 18 0 R] /MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2979>>..stream..x..]mo.6... .A.'....S\......,...W.....8.q.d..n......e[.D.P..YD.d..pfH>$.......o/...M....\|.:....+..8.2...Z'.....................C:..2%3*.N.... ...mv..yfwtW.w?...3..eW.=?{.9.r~..}.:......D.y.S.JY.&..'....1.S.#...hY.6.....p.{....^Z....k..(.EimHQ...a.\.T..+..R..P7Xi...I..........t.`..q@x.HZ........CfW..j.O.E..S.=!r.J........

C:\Users\user\Downloads\Work Order & Pay App.pdf.crdownload

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	153072
Entropy (8bit):	7.946046263883071
Encrypted:	false
SSDEEP:
MD5:	D463AA6D4D2B4ACDD13678CEE22C3BF3
SHA1:	F66A6EAD8735154725DFE492320FB673679546FC
SHA-256:	4A08006E2CB8BD5D87F16AE4E841D0089E75EE12319FEAB4A4FF9668CF958AA6
SHA-512:	A47CE212E4F141CCB7324D4C63348288FBD0B60D952C543DA62E982BFD879061273C3F35B43B46FD46A6516531D0DAC0B6D9725CE6904371CDF9EBBC6A76E341
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 21 0 R/MarkInfo<</Marked true>>/Metadata 78 0 R/ViewerPreferences 79 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image15 15 0 R/Image19 19 0 R/Image20 20 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 13 0 R 14 0 R 18 0 R] /MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2979>>..stream..x..]mo.6... .A.'....S\......,...W.....8.q.d..n......e[.D.P..YD.d..pfH>$.......o/...M....\|.:....+..8.2...Z'.....................C:..2%3*.N.... ...mv..yfwtW.w?...3..eW.=?{.9.r~..}.:......D.y.S.JY.&..'....1.S.#...hY.6.....p.{....^Z....k..(.EimHQ...a.\.T..+..R..P7Xi...I..........t.`..q@x.HZ........CfW..j.O.E..S.=!r.J........

Static File Info

⊘No static file info