Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
http://egynte.com/

Overview

General Information

Sample URL:http://egynte.com/
Analysis ID:1519674

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 3012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1920,i,7681189603524638834,18359496011803573587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://egynte.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Networking
  • System Summary
  • Boot Survival

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: http://ww38.egynte.com/LLM: Score: 9 Reasons: The URL 'ww38.egynte.com' contains a misspelling of the legitimate domain 'egnyte.com'., The legitimate brand associated with 'egnyte.com' is Egnyte, which is a known brand., The use of 'ww38' as a subdomain is unusual and suspicious., The input fields 'username' and 'password' are commonly targeted in phishing attempts. DOM: 0.1.pages.csv
Source: http://ww38.egynte.com/HTTP Parser: Base64 decoded: <svg fill='#D7D7D7' style="float: right" xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M5.88 4.12L13.76 12l-7.88 7.88L8 22l10-10L8 2z"/></svg>
Source: http://ww38.egynte.com/HTTP Parser: No favicon
Source: http://ww38.egynte.com/HTTP Parser: No favicon
Source: http://ww38.egynte.com/HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: egynte.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /scripts/sale_form.js HTTP/1.1Host: c.parkingcrew.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww38.egynte.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww38.egynte.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /track.php?domain=egynte.com&toggle=browserjs&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3D HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww38.egynte.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /scripts/sale_form.js HTTP/1.1Host: c.parkingcrew.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ls.php?t=66f5a58f&token=98aa09de542cc495003380be920e6f08981a04d0 HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww38.egynte.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /track.php?domain=egynte.com&toggle=browserjs&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3D HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /track.php?domain=egynte.com&caf=1&toggle=answercheck&answer=yes&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3D HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww38.egynte.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gsas=ID=a19ecbc3945e8a6f:T=1727374739:RT=1727374739:S=ALNI_MawbXgUXTYn-h2ojYA7j_wvDL2UvQ
Source: global trafficHTTP traffic detected: GET /track.php?domain=egynte.com&caf=1&toggle=answercheck&answer=yes&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3D HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gsas=ID=a19ecbc3945e8a6f:T=1727374739:RT=1727374739:S=ALNI_MawbXgUXTYn-h2ojYA7j_wvDL2UvQ
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww38.egynte.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gsas=ID=a19ecbc3945e8a6f:T=1727374739:RT=1727374739:S=ALNI_MawbXgUXTYn-h2ojYA7j_wvDL2UvQ
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ww38.egynte.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gsas=ID=a19ecbc3945e8a6f:T=1727374739:RT=1727374739:S=ALNI_MawbXgUXTYn-h2ojYA7j_wvDL2UvQ
Source: global trafficDNS traffic detected: DNS query: egynte.com
Source: global trafficDNS traffic detected: DNS query: ww38.egynte.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: c.parkingcrew.net
Source: global trafficDNS traffic detected: DNS query: d38psrni17bvxu.cloudfront.net
Source: global trafficDNS traffic detected: DNS query: syndicatedsearch.goog
Source: global trafficDNS traffic detected: DNS query: afs.googleusercontent.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: classification engineClassification label: mal48.phis.win@18/20@32/240
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1920,i,7681189603524638834,18359496011803573587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://egynte.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1920,i,7681189603524638834,18359496011803573587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder		1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
http://egynte.com/0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://ww38.egynte.com/favicon.ico0%Avira URL Cloudsafe
http://ww38.egynte.com/track.php?domain=egynte.com&caf=1&toggle=answercheck&answer=yes&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3D0%Avira URL Cloudsafe
http://ww38.egynte.com/ls.php?t=66f5a58f&token=98aa09de542cc495003380be920e6f08981a04d00%Avira URL Cloudsafe
http://ww38.egynte.com/track.php?domain=egynte.com&toggle=browserjs&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3D0%Avira URL Cloudsafe
http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png0%Avira URL Cloudsafe
http://c.parkingcrew.net/scripts/sale_form.js0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
756471.parkingcrew.net
76.223.26.96
truefalse
    		unknown
    syndicatedsearch.goog
    		172.217.16.206
    		truefalse
      		unknown
      www.google.com
      		142.250.184.196
      		truefalse
        		unknown
        googlehosted.l.googleusercontent.com
        		142.250.185.193
        		truefalse
          		unknown
          egynte.com
          		103.224.182.253
          		truetrue
            		unknown
            c.parkingcrew.net
            		185.53.178.30
            		truefalse
              		unknown
              d38psrni17bvxu.cloudfront.net
              		18.66.121.190
              		truefalse
                		unknown
                afs.googleusercontent.com
                		unknown
                		unknownfalse
                  		unknown
                  ww38.egynte.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://egynte.com/false
                      		unknown
                      http://ww38.egynte.com/favicon.icotrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.pngfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ww38.egynte.com/track.php?domain=egynte.com&caf=1&toggle=answercheck&answer=yes&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3Dtrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://ww38.egynte.com/track.php?domain=egynte.com&toggle=browserjs&uid=MTcyNzM3NDczNS42OTMzOjc0NjJkN2FkZDg1MGIxYzE1NTQwMTAyNDMxOGNlNDllZmQ1YTA5MDVjNTEzOGUzNDdhNzdlYjZmZjRhMWJjYTQ6NjZmNWE1OGZhOTQxMA%3D%3Dtrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://c.parkingcrew.net/scripts/sale_form.jsfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ww38.egynte.com/ls.php?t=66f5a58f&token=98aa09de542cc495003380be920e6f08981a04d0true
                      • Avira URL Cloud: safe
                      		unknown
                      http://ww38.egynte.com/true
                        		unknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        142.250.184.196
                        		www.google.comUnited States
                        		15169GOOGLEUSfalse
                        13.248.148.254
                        		unknownUnited States
                        		16509AMAZON-02USfalse
                        142.250.186.78
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        142.250.185.129
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        142.250.185.206
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        1.1.1.1
                        		unknownAustralia
                        		13335CLOUDFLARENETUSfalse
                        142.250.74.206
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        172.217.16.206
                        		syndicatedsearch.googUnited States
                        		15169GOOGLEUSfalse
                        142.250.186.163
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        103.224.182.253
                        		egynte.comAustralia
                        		133618TRELLIAN-AS-APTrellianPtyLimitedAUtrue
                        142.250.181.238
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        142.250.185.193
                        		googlehosted.l.googleusercontent.comUnited States
                        		15169GOOGLEUSfalse
                        64.233.167.84
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        239.255.255.250
                        		unknownReserved
                        		unknownunknownfalse
                        76.223.26.96
                        		756471.parkingcrew.netUnited States
                        		16509AMAZON-02USfalse
                        18.66.121.190
                        		d38psrni17bvxu.cloudfront.netUnited States
                        		3MIT-GATEWAYSUSfalse
                        185.53.178.30
                        		c.parkingcrew.netGermany
                        		61969TEAMINTERNET-ASDEfalse
                        18.66.121.135
                        		unknownUnited States
                        		3MIT-GATEWAYSUSfalse
                        142.250.186.132
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        172.217.16.194
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        142.250.184.228
                        		unknownUnited States
                        		15169GOOGLEUSfalse
                        142.250.185.98
                        		unknownUnited States
                        		15169GOOGLEUSfalse

                        Private

                        IP
                        192.168.2.16
                        192.168.2.4

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1519674
                        Start date and time:2024-09-26 20:18:20 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                        Sample URL:http://egynte.com/
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:13
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • EGA enabled
                        Analysis Mode:stream
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal48.phis.win@18/20@32/240
                        • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.185.206, 64.233.167.84, 34.104.35.123, 199.232.210.172, 172.217.16.194, 142.250.185.98, 20.242.39.171
                        • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, partner.googleadservices.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: http://egynte.com/

                        LLM Input / Output

                        InputOutput
                        URL: http://ww38.egynte.com/ Model: jbxai
                        {
"brand":["egynte.com"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                        URL: http://ww38.egynte.com/ Model: jbxai
                        {
"brand":["egynote.com"],
"contains_trigger_text":true,
"trigger_text":"view shared file",
"prominent_button_name":"view shared file",
"text_input_field_labels":["username",
"password"],
"pdf_icon_visible":true,
"has_visible_captcha":true,
"has_urgent_text":false,
"has_visible_qrcode":false}
                        URL: http://ww38.egynte.com/ Model: jbxai
                        {
"phishing_score":9,
"brands":"egynote.com",
"legit_domain":"egnyte.com",
"classification":"known",
"reasons":["The URL 'ww38.egynte.com' contains a misspelling of the legitimate domain 'egnyte.com'.",
"The legitimate brand associated with 'egnyte.com' is Egnyte,
 which is a known brand.",
"The use of 'ww38' as a subdomain is unusual and suspicious.",
"The input fields 'username' and 'password' are commonly targeted in phishing attempts."],
"brand_matches":[false],
"url_match":false,
"brand_input":"egynote.com",
"input_fields":"username,
 password"}

                        Created / dropped Files

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 17:18:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2673
                        Entropy (8bit):3.9873151070179484
                        Encrypted:false
                        SSDEEP:
                        MD5:9DC57976FE21546768165EF4C1A296E1
                        SHA1:A6485A6AC35C64931E42D14D97FF6147C2F88FAF
                        SHA-256:04CEF735BFDDE0096CE4F966533E9F07F6CBA86232EE6BC221FE24C222205A4A
                        SHA-512:BEF9A1AACAED6FAF159677F8463DBDBF50768E2F06B45DE9C9299F7A96D950205185C33B5A1328B678D6FCC73A89D0B116262F0D84C6004CC1B8CEC0D1283655
                        Malicious:false
                        Reputation:unknown
                        Preview:L..................F.@.. ...$+.,.......@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I:YQ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:YY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V:YY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V:YY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V:Y[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 17:18:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2675
                        Entropy (8bit):4.003031734136376
                        Encrypted:false
                        SSDEEP:
                        MD5:97E14ACE064A7DE5662D7BC2F294B204
                        SHA1:7802354982A4C362BB7B27884807A0DF56836739
                        SHA-256:A35EF6D06D6F96A0547192516D99B843342470CAA2AE6D34B859C0ABF57B1171
                        SHA-512:14FD0280AD9B8E10EEAC228538CC6DBB15ABCB67B4B695D0B52298F44ABB96E672BA8C0FB09E402882C4C1596A3ED94D23CDDC99F060D98E7A39EF1780ECB3DB
                        Malicious:false
                        Reputation:unknown
                        Preview:L..................F.@.. ...$+.,.....~..@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I:YQ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:YY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V:YY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V:YY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V:Y[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2689
                        Entropy (8bit):4.009863778310564
                        Encrypted:false
                        SSDEEP:
                        MD5:0330D1E1D561EBC59F0DA28F0C0C04C8
                        SHA1:EDB1AE1AF3B86879FCE35F72D1AD68708C6AFFE8
                        SHA-256:F25D20A51F184B293DA0687FA4245AA5DF95E42F4EE107E06A3A3D5BB057F7D1
                        SHA-512:001C2D0413DF808899A513B341350F212CF0A294F25228F0AE87A3772E171AF5C1A552C296D752674F744D4BD2332E71DA812D66E6900235AFE1BF9C9A023A33
                        Malicious:false
                        Reputation:unknown
                        Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I:YQ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:YY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V:YY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V:YY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 17:18:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2677
                        Entropy (8bit):4.000027840936672
                        Encrypted:false
                        SSDEEP:
                        MD5:9012E708D4A3C1B18C0BC05DBA729474
                        SHA1:B63E7E16DF464E79DC9F36499C0C7196995A41D3
                        SHA-256:C14870780F4F1C9B9B608CB3459212A7A2142EE9A1F3F8A5472AA4417BB76499
                        SHA-512:1B36AC1A07AB1195D5D1178420574491BA3D7C54D097603BB3056D40B0E1F59B46A9935BCB3CB5DEDB5B54DECAA264E545CA34A4AD376E4E822CA45CD4DFBE9D
                        Malicious:false
                        Reputation:unknown
                        Preview:L..................F.@.. ...$+.,....}...@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I:YQ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:YY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V:YY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V:YY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V:Y[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 17:18:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2677
                        Entropy (8bit):3.987392710315942
                        Encrypted:false
                        SSDEEP:
                        MD5:A21726AA21C0EF31D818E4108521AC1D
                        SHA1:10847A9E572BCEF4BE0EC18D7BA142226F87A7DA
                        SHA-256:DC6D7F1C2F15A5CE87B8B7DA49707F9F85F821DFFAE9900330202E3CF30267E7
                        SHA-512:C09C687CA882FE68CA44E24A07FEE9343DF258D6D09E8087E81208D4AC701F48BEDD7C727C4BA52BD37C44446348752FBE1546EF419A486A82407B6CABFFA642
                        Malicious:false
                        Reputation:unknown
                        Preview:L..................F.@.. ...$+.,....oT.@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I:YQ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:YY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V:YY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V:YY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V:Y[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 17:18:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2679
                        Entropy (8bit):3.996481785511183
                        Encrypted:false
                        SSDEEP:
                        MD5:2462FF3D4A89E88C774B8A1E4C8565D6
                        SHA1:E8042520EE6F74BC687AB1D070062A6DABAFFA83
                        SHA-256:E723CBDF9DFF6D550BD32ABA69FFFBC915D1FCF274C44F325BB46ECA61121FDB
                        SHA-512:89B2FB398DB5FF0C25B046A74419A7608E816B2708CFDA965A933AD1C6BAD7A34DA09C1B66EC0C989935F7B074CBD640BC8E020E6692314B9A27F937D77C4ED6
                        Malicious:false
                        Reputation:unknown
                        Preview:L..................F.@.. ...$+.,....K...@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I:YQ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:YY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V:YY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V:YY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V:Y[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                        Chrome Cache Entry: 63

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text, with very long lines (14237)
                        Category:downloaded
                        Size (bytes):15117
                        Entropy (8bit):5.514788056236598
                        Encrypted:false
                        SSDEEP:
                        MD5:FA81F2F421E11994419CF0D9D6539538
                        SHA1:26776D384457E680FFE614EBC323DDDDCCF39F76
                        SHA-256:D97A33EDE14F37C6C87CBABE2D43E9E041BA53DEF5FD29005E7BE069206090CF
                        SHA-512:8678B9EDB588AC4E2175EB4BAE5E11F1823A6D9930E6FD3033FC292E3943893C381596C6DD5832FE94F67BFE590BA79C222D3BFBB6CF9309FDE6C5EACA9F1CC1
                        Malicious:false
                        Reputation:unknown
                        URL:https://syndicatedsearch.goog/afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=bucket007%2C000003%2C002127%2Cbucket070&client=dp-teaminternet12_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww38.egynte.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwNzB8fHx8fHw2NmY1YTU4ZmE5M2E2fHx8MTcyNzM3NDczNS43NjQ0fDQ5Y2YyZThiNmEwZTQ3ZTBlZWI5YTM0OGRlYjgxYTg3NTU0YTQwYjF8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTVRKZk0zQm98YWQ3M2E5NjdiNGEzOThlOGUxN2Y0ODdkODQ0YWE3ZTU5YTMxNDFmZXwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDk4YWEwOWRlNTQyY2M0OTUwMDMzODBiZTkyMGU2ZjA4OTgxYTA0ZDB8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHwwfHx8&terms=Cloud%20File%2CHome%20Isp%2COrder%20Checks&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2459555574047248&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3%7Cs&nocache=3611727374737969&num=0&output=afd_ads&domain_name=ww38.egynte.com&v=3&bsl=8&pac=0&u_his=1&u_tz=-240&dt=1727374737970&u_w=1280&u_h=1024&biw=1280&bih=907&psw=1280&psh=789&frm=0&uio=--&cont=tc&drt=0&jsid=caf&nfp=1&jsv=675574540&rurl=http%3A%2F%2Fww38.egynte.com%2F
                        Preview:<!doctype html><html lang="en"> <head> <style id="ssr-boilerplate">body{-webkit-text-size-adjust:100%; font-family:arial,sans-serif; margin:0;}.div{-webkit-box-flex:0 0; -webkit-flex-shrink:0; flex-shrink:0;max-width:100%;}.span:last-child, .div:last-child{-webkit-box-flex:1 0; -webkit-flex-shrink:1; flex-shrink:1;}.a{text-decoration:none; text-transform:none; color:inherit; display:inline-block;}.span{-webkit-box-flex:0 0; -webkit-flex-shrink:0; flex-shrink:0;display:inline-block; overflow:hidden; text-transform:none;}.img{border:none; max-width:100%; max-height:100%;}.i_{display:-ms-flexbox; display:-webkit-box; display:-webkit-flex; display:flex;-ms-flex-align:start; -webkit-box-align:start; -webkit-align-items:flex-start; align-items:flex-start;box-sizing:border-box; overflow:hidden;}.v_{-webkit-box-flex:1 0; -webkit-flex-shrink:1; flex-shrink:1;}.j_>span:last-child, .j_>div:last-child, .w_, .w_:last-child{-webkit-box-flex:0 0; -webkit-flex-shrink:0; flex-shrink:0;}.l_{-ms-overflow

                        Chrome Cache Entry: 64

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, max speed, from Unix, original size modulo 2^32 16306
                        Category:downloaded
                        Size (bytes):6129
                        Entropy (8bit):7.965008020594017
                        Encrypted:false
                        SSDEEP:
                        MD5:CC49FE271ADA29C160FD9E84190BB504
                        SHA1:ED9623DECCC89E8E70C54EAB22B95AAD75D4B3A8
                        SHA-256:F94093F37EE505B12B0595E7B7212C83A697D22779E05E981F92185CFF20727A
                        SHA-512:CF4917E509168E41F1A56ADA96455308F8703C920949464B0053F210761378AA0C2428F24C5F7FC0E73CB564F3C15247F58EA9EFDAB8221381E3BEFAD25AC547
                        Malicious:false
                        Reputation:unknown
                        URL:http://ww38.egynte.com/
                        Preview:...........[ys.H....).....8.ecl\....._.lSQ..R..!.0......LI..k.&.gw#.U6R...w....C...xu....<.:......R..ik.._Tb...~.x..i...V...V...og..m..V....~z.~...sG)...N..{{.G.j|.4...Q.G....&\......>..../Z...[...^[3..}..[.X:..N...J....h..fM.....k..{.ld.:..-].]|..>..6>.......k....6.....=..^.w.;..Z+...:..U*16...[..<oR.df.Yz.O.N?......I.1f.V...V.$.U.h...p.=...&)...x..m..j/&<.4.V.y|.e.......r.2.z.R,..d.c^.=.|6../2}f....gC.).d.ex.j.\M5y%.d..1.Q.S=.Xv..3<.......5{|..-...[....n....9\0.V]...z...?.~....SK/..c&../M\.2.{...4...T.9.8mq/..........8...0.N9|.U.i..w..~.,.Y6?..m.....kN..;1.E.....SB)..^.."Df.$"..%.......>...qHwD.NT]7.~..a.....r.....ej.&$.6?..M..3.....].<..n2...5....*C[,....k;eF..........0.A.XN...y;.M.;......1Pa.#.g..Wu..M[...P.}..T6W.:......._{.....Zf%.R.O4..dA,S.....wG.....HH9.nL.2..Rc.es...<...pV.-.. ....w.P..wm}...0.kV.j...1...O..a.F].rS.w..LP.z....R..N.b.k..r..c...W......f."!...L{V....-1u@.O.4...Z*..y.S...+%...Z+......c3V2...I.pS...q]...L.....-..N

                        Chrome Cache Entry: 65

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (1879)
                        Category:downloaded
                        Size (bytes):153410
                        Entropy (8bit):5.544257032805301
                        Encrypted:false
                        SSDEEP:
                        MD5:D238EB15535751B33354A43E60143097
                        SHA1:FD1070CDF2D665EDA150E8C015790264BBCE17DD
                        SHA-256:36289A0B85ACA6DCC91B26BA2B13862AE36032C1311D2893551BB791EC89A1E4
                        SHA-512:77EEBCC30F3B218EBAF2462A9604408831B8E997664EEE6696703C058157461B6EA2D10AECF857FE255AE0F1975E887938A90E1AFB6F313998725214CDC4BF24
                        Malicious:false
                        Reputation:unknown
                        URL:https://syndicatedsearch.goog/adsense/domains/caf.js?pac=0
                        Preview:if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"8685197942978268185",packages:"domains",module:"ads",version:"1",m:{cei:"17300003,17301431,17301433,17301436,17301511,17301515,17301516,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_gpp_api":0}}};var n;function ba(a){var b=0;retur

                        Chrome Cache Entry: 67

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, max speed, from Unix, truncated
                        Category:dropped
                        Size (bytes):20
                        Entropy (8bit):1.5567796494470394
                        Encrypted:false
                        SSDEEP:
                        MD5:A4745ABC5E7FDB89CC6DF3069F3C6E69
                        SHA1:74789F7DDBEBD5B7323F6F8174005B4BF8C1F1ED
                        SHA-256:D1111B245F685176180E6F1631E6DC49BADF6672368E9CE260C71355165EFFDF
                        SHA-512:849461CB54ECDE577246AAD993D1ECABB879913E353AE322561C7C57605F571E23210FE12BDCEF49FAA99B5B003611976FF64348F620968271E38BBA1C7D7F62
                        Malicious:false
                        Reputation:unknown
                        Preview:....................

                        Chrome Cache Entry: 68

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (374), with no line terminators
                        Category:dropped
                        Size (bytes):374
                        Entropy (8bit):5.4208488569155335
                        Encrypted:false
                        SSDEEP:
                        MD5:BAB6E2CB1E8674729121F263F5D4A391
                        SHA1:8459E91E43E182F6CF5A1FCED6E6240ACA2E41BF
                        SHA-256:F596B784D6048211388EFB2F30723ADE2F4D9EE02545FCB49BC4BF9BAB4F789B
                        SHA-512:FFA5C63A2D3F94BF85B5CE332337AF9850132165A81D450C6D4EA5D609D289F93EE50D236942340CB2FFAF3668F4438105F8AB1C0EC780917B12C17EC5C632D2
                        Malicious:false
                        Reputation:unknown
                        Preview:__sasCookie({"_cookies_":[{"_value_":"ID=eae957a71a7dbe65:T=1727374740:RT=1727374740:S=ALNI_MZp14pHu2BPqjeHrNbXgFt2EKdxqA","_expires_":1761070740,"_path_":"/","_domain_":"egynte.com","_version_":1},{"_value_":"UID=00000efdc31dd9e8:T=1727374740:RT=1727374740:S=ALNI_Mb-5Pnt_5eoZ80joai9WKmBXyVUSA","_expires_":1761070740,"_path_":"/","_domain_":"egynte.com","_version_":2}]});

                        Chrome Cache Entry: 70

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (1879)
                        Category:downloaded
                        Size (bytes):153394
                        Entropy (8bit):5.544186415324258
                        Encrypted:false
                        SSDEEP:
                        MD5:4456B66B5993D7BE0BF2A4DB7343EA49
                        SHA1:4636EFA86A66A3EC7206D23D24394FE88515FF16
                        SHA-256:A29F57DA4D34190D2D48B3ECC629AE8A1E0E81FF8FA904939354075263190C57
                        SHA-512:DBDF9EBBB5D027DEDD6B491D79F720ED18DB1401CEACA8C4B2B208A149BFBBE0F881C45E6576719D9A4931E232B309D6811B77F99CFC37065514B83BAC9AAA67
                        Malicious:false
                        Reputation:unknown
                        URL:https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
                        Preview:if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"8685197942978268185",packages:"domains",module:"ads",version:"1",m:{cei:"17300003,17301431,17301433,17301436,17301511,17301516,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_gpp_api":0}}};var n;function ba(a){var b=0;return function(){ret

                        Chrome Cache Entry: 71

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (1879)
                        Category:dropped
                        Size (bytes):153401
                        Entropy (8bit):5.544127995933644
                        Encrypted:false
                        SSDEEP:
                        MD5:8D9DFC9E60FC71509ADF21CBD8DD9AE6
                        SHA1:8A22866A91DF57CC78D0C752AE023B5DFCF6A237
                        SHA-256:7FABBC558B3438AB8C850C67DE482BA81FB22AF8834278A6A847294F4D9AE9BF
                        SHA-512:2D8BA6F57FC982782D0B033D49FD7AE7F8D82A127E43FADE5D35761D8967B9644F458359915330143F545CA80517778A8A899FB52A5D673B00426BF28DA2BFF7
                        Malicious:false
                        Reputation:unknown
                        Preview:if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"8685197942978268185",packages:"domains",module:"ads",version:"1",m:{cei:"17301431,17301433,17301436,17301511,17301515,17301516,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_gpp_api":0}}};var n;function ba(a){var b=0;return functio

                        Chrome Cache Entry: 72

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:PNG image data, 1500 x 600, 8-bit colormap, non-interlaced
                        Category:downloaded
                        Size (bytes):11375
                        Entropy (8bit):7.645494653990172
                        Encrypted:false
                        SSDEEP:
                        MD5:0CB2E5165DC9324EB462199F04E1FFA9
                        SHA1:9E0F89847EC8A98D98A6020BC5C4ED32B7A48BF8
                        SHA-256:67DFF0AAD873050F12609885F2264417CCDD0D438311000A704C89F0865F7865
                        SHA-512:7A285C4A87B9F9093B7BA720D8FE08E0AD7E2EBDE9EF8C8D11B70AFA08245AF8F8A7281C7B3FBE8BAD21C3AFDE4F32634D3BD416822892AA47BA82C12F4B8191
                        Malicious:false
                        Reputation:unknown
                        URL:http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
                        Preview:.PNG........IHDR.......X.....Om......tEXtSoftware.Adobe ImageReadyq.e<....PLTE......cdtIK^IK]IK\03IHK_acsceubdtcet..0=@SHK]IL]HK\MPbNQbORc.....0"&;(,@+/B04I.2F/3G-1D04H.2E04G15H26I59L8<P6:M9=Q7;N:>R:>Q;?R<@SIL\beuadtbetcftbes..-..0. 5.!6."7.#8."6.$9 %:!&;"'<"';$)>#(<%*?$)=&+@%*>',A&+?(-B).C(-A).B*/C+0D,1E05I15G<@R=ASIM_HL]KO`HL\MQbaeu.....-../.....0../.....0../..1..1..2..3..4. 5.!6.#8.$9.%: &;"':$)<&+>',?(-@).A*/B+0C,1D*/A-2E.3F/4G05H16I/4F05G38K6;N49K;@S;@R<ASGL^bfuaetbft.....0.!5."6.#7.$8.%9 &:!';"(<!':#)=#)<$*=&,@&,?+1E)/B06IGL]GL\HM]bfs..-.....0..1. 4.!5."6.#7.$8 '< ';*0B.4F06H06G..-..0.!5 (< (;...................................................................................................................................................................................................................................................t....tRNS..............................................................................................................................................

                        Chrome Cache Entry: 73

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):761
                        Entropy (8bit):4.695768067919445
                        Encrypted:false
                        SSDEEP:
                        MD5:64F809E06446647E192FCE8D1EC34E09
                        SHA1:5B7CED07DA42E205067AFA88615317A277A4A82C
                        SHA-256:F52CBD664986AD7ED6E71C448E2D31D1A16463E4D9B7BCA0C6BE278649CCC4F3
                        SHA-512:5F61BBE241F6B8636A487E6601F08A48BFFD62549291DB83C1F05F90D26751841DB43357D7FE500FFBA1BC19A8AB63C6D4767BA901C7EDED5D65A1B443B1DD78
                        Malicious:false
                        Reputation:unknown
                        Preview:/*. * Sales form click tracker. *. * tlink() will load a 1x1 GIF to track clickouts to the contact form. * Some basic scrambling prevents (a lot of) web scrapers to follow the link. *. * Date: 2016-03-22.*/..// function tlink(v, wow).// v is a fixed string.// wow will contain the current domain name.function tlink(v, wow) {. if (document.location.search.indexOf('_xas') === -1) {. // define some compenents that will later form the link to the 1x1 GIF. var proto_suf = "tp",. string = "omainb",. parameter = "php?salelink=1";. // generate and load the 1x1 GIF. new Image().src= "ht" + proto_suf + ":" + "//" + "ww" + "w.myd" + string + "uy.com/sale_form." + parameter + "&dom" + "ain_name=" + wow;. }.}.

                        Chrome Cache Entry: 74

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:SVG Scalable Vector Graphics image
                        Category:dropped
                        Size (bytes):391
                        Entropy (8bit):4.7474201749507134
                        Encrypted:false
                        SSDEEP:
                        MD5:8959DDCD9712196961D93F58064ED655
                        SHA1:62AB1E38E7E9FBF58A04381B76C2D96A9C829F24
                        SHA-256:17C7A89BF169C2EE400E31B042CEA68513F06B9CD7D1E8990DBEC800F0D771C7
                        SHA-512:5E9EFFA313C30B351345DB963238B4AFD0728CA302FD79A853C80C89F042266D44CC1D29492520FB0FA80B47135E54E6963DFC21972F6B236B84C1DA2FAD809D
                        Malicious:false
                        Reputation:unknown
                        Preview:<svg fill='#ffffff' xmlns="http://www.w3.org/2000/svg" width="200" height="200" viewBox="0 0 24 24"><path d="M15.5 14h-.79l-.28-.27C15.41 12.59 16 11.11 16 9.5 16 5.91 13.09 3 9.5 3S3 5.91 3 9.5 5.91 16 9.5 16c1.61 0 3.09-.59 4.23-1.57l.27.28v.79l5 4.99L20.49 19l-4.99-5zm-6 0C7.01 14 5 11.99 5 9.5S7.01 5 9.5 5 14 7.01 14 9.5 11.99 14 9.5 14z"/><path d="M0 0h24v24H0z" fill="none"/></svg>.

                        Chrome Cache Entry: 76

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:JSON data
                        Category:downloaded
                        Size (bytes):16
                        Entropy (8bit):3.202819531114783
                        Encrypted:false
                        SSDEEP:
                        MD5:7363E85FE9EDEE6F053A4B319588C086
                        SHA1:A15E2127145548437173FC17F3E980E3F3DEE2D0
                        SHA-256:C955E57777EC0D73639DCA6748560D00AA5EB8E12F13EBB2ED9656ADD3908F97
                        SHA-512:A2FD24056E3EC2F1628F89EB2F1B36A9FC2437AE58D34190630FE065DF2BBEDAF9BD8AEE5F8949A002070052CA68CC6C0167214DD55DF289783CFF682B808D85
                        Malicious:false
                        Reputation:unknown
                        URL:http://ww38.egynte.com/ls.php?t=66f5a58f&token=98aa09de542cc495003380be920e6f08981a04d0
                        Preview:{"success":true}

                        Chrome Cache Entry: 80

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (1879)
                        Category:dropped
                        Size (bytes):153394
                        Entropy (8bit):5.544197583603337
                        Encrypted:false
                        SSDEEP:
                        MD5:A10D58A8A1B9C77B7C05A672EB6BF354
                        SHA1:F471C95EF8BBD5F6B08DA8997B9454B952B1F589
                        SHA-256:2BEC1101F340D395C2610451F3D33940686EE9711DBD9A4A9510ECF3B2C14FE2
                        SHA-512:D064C3A569E51CA4233DCA2628A8CE211DF970FDBB029CB1293BC81D39A2E48F08FBCCCF9A2E820E1284812B4E991F179F785197B82BA137B58931B1E3FA0D2A
                        Malicious:false
                        Reputation:unknown
                        Preview:if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"8685197942978268185",packages:"domains",module:"ads",version:"1",m:{cei:"17300003,17301437,17301439,17301442,17301511,17301516,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_chatbot":0,"afs_gpp_api":0}}};var n;function ba(a){var b=0;return function(){ret

                        Chrome Cache Entry: 82

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:SVG Scalable Vector Graphics image
                        Category:downloaded
                        Size (bytes):200
                        Entropy (8bit):5.025855206845441
                        Encrypted:false
                        SSDEEP:
                        MD5:11B3089D616633CA6B73B57AA877EEB4
                        SHA1:07632F63E06B30D9B63C97177D3A8122629BDA9B
                        SHA-256:809FB4619D2A2F1A85DBDA8CC69A7F1659215212D708A098D62150EEE57070C1
                        SHA-512:079B0E35B479DFDBE64A987661000F4A034B10688E26F2A5FE6AAA807E81CCC5593D40609B731AB3340E687D83DD08DE4B8B1E01CDAC9D4523A9F6BB3ACFCBA0
                        Malicious:false
                        Reputation:unknown
                        URL:https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
                        Preview:<svg fill='#ffffff' xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M5.88 4.12L13.76 12l-7.88 7.88L8 22l10-10L8 2z"/></svg>

                        Chrome Cache Entry: 83

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (374), with no line terminators
                        Category:downloaded
                        Size (bytes):374
                        Entropy (8bit):5.466698099361046
                        Encrypted:false
                        SSDEEP:
                        MD5:EE93CE4778CD0FE53DA9AB483BFA8DDD
                        SHA1:32A2A536596BFE79E715109807C217568452CD13
                        SHA-256:69B37EFF7FFD6B12FE81A9E6F663040E2060943CEAC370497C379ACAE3FB4C6E
                        SHA-512:5AC443329C93B342E920F741C6D70738A4AE97B6851A8786563C31795B54158125A0D70D43C9B2A2E534CC43A13509C6747CB7334061CB60421C3247DE64D3FF
                        Malicious:false
                        Reputation:unknown
                        URL:https://partner.googleadservices.com/gampad/cookie.js?domain=ww38.egynte.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
                        Preview:__sasCookie({"_cookies_":[{"_value_":"ID=a19ecbc3945e8a6f:T=1727374739:RT=1727374739:S=ALNI_MawbXgUXTYn-h2ojYA7j_wvDL2UvQ","_expires_":1761070739,"_path_":"/","_domain_":"egynte.com","_version_":1},{"_value_":"UID=00000efdc35ac9af:T=1727374739:RT=1727374739:S=ALNI_MaQeYGfWdABj781ZnxOqC8k8EUsvQ","_expires_":1761070739,"_path_":"/","_domain_":"egynte.com","_version_":2}]});

                        Static File Info

                        No static file info