Edit tour

Windows Analysis Report
https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-

Overview

General Information

Sample URL:	https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-
Analysis ID:	1534096

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page (A)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded SVGs detected

HTML body with high number of embedded images detected

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1968,i,1696944037841792557,12508733275438660879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page (A)

Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	LLM: Score: 8 Reasons: The brand 'Trust' is a known brand, but the URL does not match the typical domain associated with it., The domain 'kinsta.cloud' is a hosting provider, which can host various websites, making it less likely to be directly associated with the brand 'Trust'., The URL 'communitycryptoconvo.kinsta.cloud' does not contain any direct reference to the brand 'Trust', which is suspicious., The presence of a CAPTCHA ('I'm not a robot') is common in phishing sites to appear legitimate. DOM: 0.2.pages.csv
Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	LLM: Score: 9 Reasons: The brand 'Trust' is likely referring to Trust Wallet, a known cryptocurrency wallet., The URL 'communitycryptoconvo.kinsta.cloud' does not match the legitimate domain 'trustwallet.com'., The use of 'kinsta.cloud' suggests a hosting provider, which can be legitimate but is often used in phishing to mask the true domain., The subdomain 'communitycryptoconvo' is not associated with Trust Wallet and could be misleading., The input field 'Import with your Secret Phrase' is a common phishing tactic in cryptocurrency scams to steal wallet credentials. DOM: 2.9.pages.csv

Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php

HTTP Parser: Number of links: 0

Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply

HTTP Parser: Total embedded SVG size: 120190

Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply

HTTP Parser: Total embedded image size: 330257

Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php

HTTP Parser: Title: Trust wallet does not match URL

Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php

HTTP Parser: <input type="password" .../> found

Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	HTTP Parser: No favicon
Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	HTTP Parser: No favicon
Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	HTTP Parser: No favicon
Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	HTTP Parser: No favicon
Source: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	HTTP Parser: No favicon

Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	HTTP Parser: No <meta name="author".. found
Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	HTTP Parser: No <meta name="author".. found
Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	HTTP Parser: No <meta name="author".. found

Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	HTTP Parser: No <meta name="copyright".. found
Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	HTTP Parser: No <meta name="copyright".. found
Source: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49767 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: e.cukurovadermatoloji.org.tr
Source: global traffic	DNS traffic detected: DNS query: u8818012.ct.sendgrid.net
Source: global traffic	DNS traffic detected: DNS query: snip.ly
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: communitycryptoconvo.kinsta.cloud
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49767 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@18/27@20/108

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1968,i,1696944037841792557,12508733275438660879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1968,i,1696944037841792557,12508733275438660879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
e.cukurovadermatoloji.org.tr	185.154.150.15	true	false	unknown
snip.ly	172.67.11.119	true	false	unknown
www.google.com	142.250.186.132	true	false	unknown
u8818012.ct.sendgrid.net	167.89.118.74	true	false	unknown
communitycryptoconvo.kinsta.cloud	162.159.134.42	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	true		unknown
https://communitycryptoconvo.kinsta.cloud/cbn/ext.php	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
167.89.118.74	u8818012.ct.sendgrid.net	United States	11377	SENDGRIDUS	false
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.67.11.119	snip.ly	United States	13335	CLOUDFLARENETUS	false
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
64.233.166.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.170	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.154.150.15	e.cukurovadermatoloji.org.tr	Germany	47777	WUNETDE	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
162.159.134.42	communitycryptoconvo.kinsta.cloud	United States	13335	CLOUDFLARENETUS	true
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1534096
Start date and time:	2024-10-15 15:46:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@18/27@20/108

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 216.58.206.46, 64.233.166.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-

LLM Input / Output

Input	Output
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Redeem the code sent to your email here to instantly receive 0.0166 ETH", "prominent_button_name": "Get Your 0.0166 ETH", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Redeem the code sent to your email here to instantly receive 0.0166 ETH", "prominent_button_name": "Get Your 0.0166 ETH", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Redeem the code sent to your email here to instantly receive 0.0166 ETH", "prominent_button_name": "Get Your 0.0166 ETH", "text_input_field_labels": [ "I'm not a robot" ], "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Redeem the code sent to your email here to instantly receive 0.0166 ETH", "prominent_button_name": "Get Your 0.0166 ETH", "text_input_field_labels": [ "I'm not a robot" ], "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Redeem the code sent to your email here to instantly receive 0.0166 ETH", "prominent_button_name": "Get Your 0.0166 ETH", "text_input_field_labels": [ "I'm not a robot" ], "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: gpt-4o	```json{ "legit_domain": "trust.com", "classification": "known", "reasons": [ "The brand 'Trust' is a known brand, but the URL does not match the typical domain associated with it.", "The domain 'kinsta.cloud' is a hosting provider, which can host various websites, making it less likely to be directly associated with the brand 'Trust'.", "The URL 'communitycryptoconvo.kinsta.cloud' does not contain any direct reference to the brand 'Trust', which is suspicious.", "The presence of a CAPTCHA ('I'm not a robot') is common in phishing sites to appear legitimate." ], "riskscore": 8} Google indexed: False
URL: communitycryptoconvo.kinsta.cloud Brands: Trust Input Fields: I'm not a robot
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Select all squares with tractors", "prominent_button_name": "SKIP", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Select all squares with tractors", "prominent_button_name": "SKIP", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Select all squares with tractors", "prominent_button_name": "Verify", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Import or recover wallet", "prominent_button_name": "ETH@POWER", "text_input_field_labels": [ "Import with your Secret Phrase" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Import or recover wallet", "prominent_button_name": "ETH@POWER", "text_input_field_labels": [ "Import with your Secret Phrase" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }
URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: gpt-4o	```json{ "legit_domain": "trustwallet.com", "classification": "known", "reasons": [ "The brand 'Trust' is likely referring to Trust Wallet, a known cryptocurrency wallet.", "The URL 'communitycryptoconvo.kinsta.cloud' does not match the legitimate domain 'trustwallet.com'.", "The use of 'kinsta.cloud' suggests a hosting provider, which can be legitimate but is often used in phishing to mask the true domain.", "The subdomain 'communitycryptoconvo' is not associated with Trust Wallet and could be misleading.", "The input field 'Import with your Secret Phrase' is a common phishing tactic in cryptocurrency scams to steal wallet credentials." ], "riskscore": 9} Google indexed: False
URL: communitycryptoconvo.kinsta.cloud Brands: Trust Input Fields: Import with your Secret Phrase
URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Invalid code. Please enter a valid code.", "prominent_button_name": "ETH@POWER", "text_input_field_labels": [ "Invalid code. Please enter a valid code." ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://communitycryptoconvo.kinsta.cloud/cbn/ext.php Model: claude-3-haiku-20240307	```json { "brands": [ "Trust" ] }
	```json { "brands": [ "Trust" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 12:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9793547542149925
Encrypted:	false
SSDEEP:
MD5:	48FA16A32EA6441A3F74843CFF9EC5DF
SHA1:	AC417299B9E71E67FBF34456F33EE73127AC657E
SHA-256:	7D260944EC3AFF0733E7641F6A134ECA2EB658C34D4411572D81AEFF9AD76C01
SHA-512:	D234D2FAA2C062FA1DE8AF3237AB58CFDAF8CB1180098812A53B420CFDCC829522F186C650E03088008E5BF1473D81F556FF4DB6820B6CB7C48CF0C6923F1ECF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$y.p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 12:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9962000074407538
Encrypted:	false
SSDEEP:
MD5:	5BC945330AEFDEED256B4649EF1936CA
SHA1:	EF370F38330ADB592C6B42CE242D0FFBBF8F4FFD
SHA-256:	FF7178DF9BDC7E047AA1ACA64D3F76B91BBE115B48E0949F8FD38D436D6562D8
SHA-512:	4450923FFD4C0F13A403A9E2D7ECF1798244289388E2E9A52EAD00A757E42B6E8169D02AAF16829F4DC99A62BE50DB19BA3CB6BCE3593C2205AA60B277FBC3E8
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$y.p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006170711639827
Encrypted:	false
SSDEEP:
MD5:	48378663DC2A16149DEFFFE537E11EEE
SHA1:	00B8249450A504EE51F1E8380C64B5DB5E4CD9F5
SHA-256:	43227F962B9C6852F1C7655B6A479BBC19D0E5ED52B9D455E57A235E7C879B80
SHA-512:	0B0A1143EECFC50501D8DBB786CE717552D9722244F81F8B2E3CCC4B9463C48A4EFDCF165371942665DFE5A9D110138D7EE040C5D933DFB0F327462BEF061562
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$y.p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 12:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.993742358746692
Encrypted:	false
SSDEEP:
MD5:	C66D8861E6B27C03C33C031E90A2F8F8
SHA1:	3A92C44987667C121D9F2F2E2BF26751F7A223C9
SHA-256:	5B58D1FD5BF843A3BE75F98D57D888209D4ABA563AA84674FB4721A6FA0D4D77
SHA-512:	4C08A10118235674EB2CB780E535DB6B3198992A91CDE3A2ED860C1A9ED95194EFB003EF68FC8C7E402A3AF121F5236D85FD4B3AEC5EAC34AD2A2FAA303B7D9F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$y.p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 12:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9834189901398904
Encrypted:	false
SSDEEP:
MD5:	AFB5D1284028BBCABD1D63841D33847D
SHA1:	425FD41083292F5486BA78DD372F5872A6FCC13C
SHA-256:	2D629687777B6361AF46780F6B3190E3AC90EF6BE42E64A07917E80213C5BF70
SHA-512:	AFFA47C74E862CE9D138061D6548412B1BE9BCA62E96D50B2210DB8F86221DB66C7D19188D65EB6BEDBBBBF878C5D32C05ECC82714A33D5FB9FB567751AD0E4A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....b.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$y.p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 12:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.99188135257979
Encrypted:	false
SSDEEP:
MD5:	75E94D3E9E2783019773381E3161C649
SHA1:	3A4139ED5C06190FB8262E6C3FA07FB919A08371
SHA-256:	D1CE629FE6E9A070297D726164C79C0BFBC0016AFC6D7848A2370A0D648B59C4
SHA-512:	EE9782E9219366AF18E48B41A0382141B3145BB803B6615892C37260E6552B442B47D98028522E976561434DDE8E1FC13DE65BD3CED4243F2E8A50D0B8A11264
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....6.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$y.p.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	665
Entropy (8bit):	7.42832670119013
Encrypted:	false
SSDEEP:
MD5:	07BF314AAB04047B9E9A959EE6F63DA3
SHA1:	17BEF6602672E2FD9956381E01356245144003E5
SHA-256:	55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
SHA-512:	2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/info_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX..W..DA.=.6O...H.,E.............b.....C.1...1..EbLPI.W......H..s.z5.:..._.d.0.u.......j.x.R..._.v..R...1..ir..`.yn..R..j.h./y..l......(`..5....l.E..0......B^......F.....F....Y\|p..._,p.............(3^.r.P.O......;<....z.,..yF....N..x.MS...Q.C%......D8G.+......oOk...)T..}\|..e...G.....'.R..G.Z.T}7(...&..@...G....$PGYv...A.c.]d....N..'.4b...R.%..)2Yd..b.M..^@.M....^.:h.N(dP*t..RQ%.o...{.vGH..S._".@./...g.....]...?..h..E.,r.m.%."."W.6G..t...->....q\.Kc.t"^......Kj~{l..C..).y..><@\|yB....=c.............!...<....IEND.B`.

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
Category:	downloaded
Size (bytes):	15340
Entropy (8bit):	7.983406336508752
Encrypted:	false
SSDEEP:
MD5:	19B7A0ADFDD4F808B53AF7E2CE2AD4E5
SHA1:	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
SHA-256:	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
SHA-512:	49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Preview:	wOF2......;........d..;..........................d..z..J.`..L.Z..<.....\..`..^...x.6.$..6. ..\|. ..8..z%......Q.{..q...FF.kd .8.(..d..).!C...Y.JA...r. ..GH8F......nW...".2&....2<..+C...p...b..SC.......J......z.-..Q..#6&1zUe../\...l.....<.....9s...E~.]B-..B.wY..o......Q..A.F..1j.......-.`P% .. ,..@1.0..~.....WWW.d.u<c{..^.R.+..w....&.........A......+C....(.N.....0.~..0.J.;.Nu..7....]..m.H.....[h.GL3....?)....c.H...2.3.}y........SXI\|..iVN'%E.D.W....r..<`....i....6;E$.....U.$j.@...._.......R2....WS...k.vz.R.'a9!^...N....h.._.....c.%."..S.2.16B...o.2}.pmU[.\|.LI....2.....OWQLO1-....s..8.(...".\|6...6R.. ..M-.zO.}w)..v..mXxX...c..3#.+.v....F`.Z;.zQ.......r,....Yo.....g.h....+.....O.3Y..)Y.8.!....elX......._.3.}k~u.{ C..H.z..FP........@...d..)T.R...L.H.J.j.@..............$...E......y...3.b...I.h u.+%.HA.\..9..8..X.!....gx...].:..V..C...._..X..!....6..)...GM:E.....O.Z.}k.;.T.k..D.k.O..D5.r..."......?..T.Q.A...CF...3g.5.Dn<.QPy..G..1.9..Q..0..

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	102
Entropy (8bit):	4.731372038840301
Encrypted:	false
SSDEEP:
MD5:	F3DFE1A46E91C1C5521B4ED0E336AE06
SHA1:	8112055ED07A442DD199C15A8B2C451A3E4B54E6
SHA-256:	724FC56703E050F8625D033339E4C69746C05564BA34DF35003A34ED59432657
SHA-512:	0570AADEDB1FFB2EAEB8A8454004C1EA63109712D07E9F0E1D08FDEEFA06FC8CD64C75688A2FE5AF7EE314E056BC744337FEFA8B5FDA95F17B2B0E4146D81C5C
Malicious:	false
Reputation:	unknown
Preview:	importScripts('https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js');

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	600
Entropy (8bit):	7.391634169810707
Encrypted:	false
SSDEEP:
MD5:	0F2A4639B8A4CB30C76E8333C00D30A6
SHA1:	57E273A270BB864970D747C74B3F0A7C8E515B13
SHA-256:	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
SHA-512:	3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX..M+.Q.....&/....&......6...\|.I..).o.I.X..#.@.bb.D.'5....m...=..y........{....<.P..;.H......f...3l...M.I...j2.....3..1x..S......9..<m...E.'F'.. ...M.j...C..c.5.-..F..3H./F!.."V.e.i.}.Y....../.rw...@...].rp...`CQo(.....J...u.".!E...$.^$...k....b....@.^.;.u5........H/Q{..$..'..........w...r.+xS.uR..J.......GD.O./.. G7..l...J.t.3.S...N.7...e..s.-Jlj)..5E....E.;8w4.k..=.li.G...1.c....p,T6;....1.oW.%.2,..Z..a...*m.s}T1F....Hr.1......<x0.....-.i......IEND.B`.

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18026)
Category:	dropped
Size (bytes):	18646
Entropy (8bit):	5.681365629882092
Encrypted:	false
SSDEEP:
MD5:	B6C546033517E98BCD9F15795CAA6358
SHA1:	3A2158811157E0D0C6A29A6AAA5472A186283B98
SHA-256:	F49671129D0B86D684D6FD06C69A71603FA6338378F2E07640F8C769BABF78E6
SHA-512:	F6978E490DA08BC6F37DDEE731E979BE2D63828F886DEB63C7B0E3EA338F1FFB5614887AAA62E959C820C7752CED358241F1E41A0929BB790A7D75C50B580904
Malicious:	false
Reputation:	unknown
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t / (function(){var U=function(w,J){if((J=(w=null,Q).trustedTypes,!J)\|\|!J.createPolicy)return w;try{w=J.createPolicy("bg",{createHTML:E,createScript:E,createScriptURL:E})}catch(g){Q.console&&Q.console.error(g.message)}return w},Q=this\|\|self,E=function(w){return w};(0,eval)(function(w,J){return(J=U())&&w.eval(J.createScript("1"))===1?function(g){return J.createScript(g)}:function(g){return""+g}}(Q)(Array(Math.random()7824\|0).join("\n")+['(function(){/',.'',.' Copyright Google LLC',.' SPDX-License-Identifier: Apache-2.0',.'/',.'var T=function(w,J,Q,g,F,X,u,h){if((((F=(u=(h=(w\|\|Q.H++,Q.o>0&&Q.G&&Q.Pj)&&Q.s<=1&&!Q.T&&!Q.P&&(!w\|\|Q.xr-J>1)&&document.hidden==0,(X=Q.H==4)\|\|h)?Q.K():Q.A,u-Q.A),Q).g+=F>>14>0,Q.V&&(Q.V^=(Q.g+1>>2)*(F<<2)),Q).i=Q.g+1>>2!=0\|\|Q.i,X)\|\|h)Q.H=0,Q.A=u;if(!h)return false;if((Q.o>Q.C&&(Q.C=Q.o),u-Q.R)<Q.o-(g?255:w?5:2))return false;return(A(26,Q,(g=c(w?133:26,(Q.xr=J,Q)),Q.D)),Q.Z.pus

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Category:	downloaded
Size (bytes):	15552
Entropy (8bit):	7.983966851275127
Encrypted:	false
SSDEEP:
MD5:	285467176F7FE6BB6A9C6873B3DAD2CC
SHA1:	EA04E4FF5142DDD69307C183DEF721A160E0A64E
SHA-256:	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
SHA-512:	5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Preview:	wOF2......<...........<Z.........................d..z..J.`..L.\..<.....<.....^...x.6.$..6. .... ..S..}%.......\|....x..[j.E...d..-A...]=sjf$X.o.5......V....i?}.\...;...V......5..mO=,[.B..d'..=..M...q...8..U'..N..G...[..8....Jp..xP...'.?....}.-.1F.C.....%z..#...Q...~.~..3.............r.Xk..v..7t.+bw...f..b...q.W..'E.....O..a..HI.....Y.B..i.K.0.:.d.E.Lw....Q..~.6.}B...bT.F.,<./....Qu....\|...H....Fk.-..H..p4.$......{.2.....".T'..........Va.6+.9uv....RW..U$8...p...........H5...B..N..V...{.1....5}p.q6..T...U.P.N...U...!.w..?..mI..8q.}.... >.Z.K.....tq..}.><Ok..w.. ..v....W...{....o...."+#+,..vdt...p.WKK:.p1...3`. 3.......Q.].V.$}.......:.S..bb!I...c.of.2uq.n.MaJ..Cf.......w.$.9C...sj.=...=.Z7...h.w M.D..A.t.....]..GVpL...U(.+.)m..e)..H.}i.o.L...S.r..m..Ko....i..M..J..84.=............S..@......Z.V.E..b...0.....@h>...."$.?....../..?.....?.J.a,..\|..d...\|`.m5..b..LWc...L...?.G.].i...Q..1.:..LJV.J...bU.2.:\.kt.......t.....k....B..i.z+...........A.....

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3
Category:	downloaded
Size (bytes):	57108
Entropy (8bit):	7.9761260505949325
Encrypted:	false
SSDEEP:
MD5:	F54E43DEDFE9C32E5A0AD6F4F178D773
SHA1:	1DA7E43CEDA61315A6EB8BF9CB5502A4899ADDBC
SHA-256:	2D56DD05DF4AE7C37C14166634B05998FF61A24A24434CEDBFBF178F5029BA46
SHA-512:	B3E27D00B0027F8E08F1958CE07F30BCA764039469BB9C218ABF56AF15BC2635FD706CBAD825B9F0AA0C52B3829B03CB1D65A6FB4415C6D6DE0A3F6F94B65A1D
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5EnbwTlceuGhVcDrj14JHNBsehcjq9IQx3olxnXZFpmJcrw-suXiP_b9z2zh-SWfpCntRs2SlUX4l1mqO7CzHpsCQ1-HOjm99Z_iKIj2qcfQ0CEsf6R4CG12bv_oHroQBqGAGfuYmzONy8a-U-B7cuuMNvEGbFvM0uWnROLuKk1O6DNa7zz5nklJMqi60ClV7n9FJWyA-DHFzN3DS3iMML5MikEA&k=6LffMGcUAAAAABRJmPd1mUqhxUg7w5iktOIsbgMI
Preview:	......JFIF.............C..............................................!........."$".$.......C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....:...bW...F...c;H...:..l..{).......=..V...j...{gv..pZ...@.n.H..Pq.j..?..}.y"..d.bs.\...n..U\O....]No..=.g.......k......V2.[.....r+.....R.e."..b.Np.g.W;.<l.4M$G...h-.r....aU4..G...9!.]..au$.>v.I......a.<.J..l..(.._.W.....=.....Vn.R=b.....V....Ih\..s..._...b.P.@.....5.Y....Y_.@6..Nq...]O.l..u.Q..t...3...pk..........r.3......*.k^....G... .>._.Kz!3.s...9.JQn

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	70
Entropy (8bit):	4.336426504282573
Encrypted:	false
SSDEEP:
MD5:	554C1AAA9007F182F685A81D6710C41C
SHA1:	9DDD3E67A56BDCA30EFF981722E12EECE2F352D6
SHA-256:	BAD6D836B287A0EBB3BAA2E56F5006E32D0B6458907AA3A52C70DD07D9EC15DB
SHA-512:	799A8E1B3079595DCB9C549E78266A8AAC46D06B88ECC88D31F50C65F4C4C50B0FD44823E5EEB63E09F25513E0FFFCB375FC1F289F8F64E33F1B23C1C4C86D1F
Malicious:	false
Reputation:	unknown
URL:	https://communitycryptoconvo.kinsta.cloud/cbn/fonts/0.woff2
Preview:	No Content: https://trustapp.iesanrafaelheliconia.edu.co/fonts/0.woff2

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 489 x 511, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	88967
Entropy (8bit):	7.991429575442328
Encrypted:	true
SSDEEP:
MD5:	65C4E18CD43EA49AB6941481E0EF7C41
SHA1:	779DB1607B5E50569F817091E06D4A5FD2B1B01E
SHA-256:	F2BCF635AFF8ACDEBB708904486098E1FDC67998962FEA99CEF71491B508AC26
SHA-512:	D81F39043AD3106F711488E353421A178F1CFF9E18645474706AE236E718A1CAA4322D7B85CDB2433D0A8B33F21AB619438CD77F1084D7C74C7C80A1FF2EF3A1
Malicious:	false
Reputation:	unknown
URL:	https://communitycryptoconvo.kinsta.cloud/cbn/images/favicon.png
Preview:	.PNG........IHDR.............sA%.....pHYs..........+......IDATx^....eI.&....Z.....tO...i1zg.,........H.. A..8Kb!H.....8$...X......jZwi....K.V.+#.....s..^DVe........u7..}f..~'......t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#....t.:....@G.#...L...^wG.#......O.~.K.........._..=.>pvr..=.....^{G.#...t....{..........Wfg.}.......W........V'..k.>~....c...{fv...s.....+.}\|m..gO.{..5...t....N...xo.#p.....y..=7<..O}.;+...oL..3?..{...d}}6.M.......x..t.u.{f...N&........2..[..^.'........G.9v....~/....,..N..........O.......=....;.^..{.~..'W.{]\|..d....z.*I_.w...u...NL..MV......d:.....}....LO.z...7n......w..........0t.:.;..N.;wl.d.../<..'............yx..O?.z.?....t:Y.>........%.{..7.'..........R..Q......wrjr...'n...e.....\;;..../N..../.9.....$...Kx.#....}..W}..{...l....._....o.6...dk_Pp.@.._L.vw:.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1042)
Category:	downloaded
Size (bytes):	123082
Entropy (8bit):	4.582738557297532
Encrypted:	false
SSDEEP:
MD5:	E38D1E8DEDAE0C1D1218B55D242FAC36
SHA1:	A8D33141BC88209FB51639A3595039867DE098CF
SHA-256:	1F2682E759B3C84A8D0524F810600494E1B26025CE35AC576DE0C731C7627BFE
SHA-512:	7BB55295D180AC88F210AE8DEE5F6116BCE17DF480138CF19C275ED0180013E0FB565B479A7D84D3BCDDF01CFA375316D8316EAC0FACF3742BB219BB27172B19
Malicious:	false
Reputation:	unknown
URL:	https://communitycryptoconvo.kinsta.cloud/cbn/ext.php
Preview:	<html lang="en"><head>.. <script src="js/ethers-5.4.umd.min.js"></script>.. <link rel="shortcut icon" href="images/favicon.png">.... <meta name="viewport" content="width=device-width, initial-scale=1">.... <meta charset="UTF-8">. <title>Trust wallet</title>. <style>. button {. border: none;. cursor: pointer;. }.. @font-face {. font-family: DMSans-Medium;. src: url(fonts/0.woff2);. }... body {. font-family: DMSans-Medium;. }.. .gbGARi {. display: flex;. flex-direction: column;. /* height: 100vh; /. width: 100%;. margin: auto;. background-color: rgb(18, 21, 30);. border: 1px solid rgba(126, 137, 171, 0.2);. box-shadow: rgba(0, 0, 0, 0.35) 0px 8px 28px;. }.. ,. ::after,. ::before {. box-sizing: inherit;. cursor: inherit;.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 171 x 51, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	3443
Entropy (8bit):	7.896630169780132
Encrypted:	false
SSDEEP:
MD5:	5DA424DA7FC7061B19AC53130969DFF1
SHA1:	6DBFFE43B8494E0252510F34D55DBB4E1C3867A8
SHA-256:	88EB118B73D1BFB420E1D48E82FB1FA06721D5103A0A09F6AC59228FF4840005
SHA-512:	5E123E80CBD294D0C44B43738C3B45ECF1C4F74DCC908EE7EF4C735414ADEB5BAF846DDAE84471A42092FD915EA66330035A0A6086788C5608535277536A42A2
Malicious:	false
Reputation:	unknown
URL:	https://communitycryptoconvo.kinsta.cloud/cbn/images/logo.png
Preview:	.PNG........IHDR.......3.....g.o`....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.y\.G........$..$.B.@.....Z..j...z....V.....Z.U..D.x.......Z...@.T.......wv.............3......<.......4d..h.....1...O.`..E9w...)...a?..e/.......`...%.Cu...p...T......gn..E...%..1Lj..Ihw....?1....W.....m..!..M...Q,.$.@.1bP.R.t..vX`..b..4.Z..C0...!.._..'..&~.M.Wt..L.5b..R..#_.U...!6...Y%.....\|.....A0..P......B`cu..rMG.0b"#..j...mG.....&.X7`\%...W.\|..g......>..1\|@.C.*ch.t..k\|..(3....#..K...8....[..0.....D...........FC.....0.6..&..D..z.F......5..gH......K%.....L.`..P..h5TK..6F..N...y.....@0.._ ...O.L.`2..C0..q....K..F..0.2.S.Q....)...G..W6Z...B..C0..p.fA......#.1..5h.Xz9...T........QB..#.....e..5.z.$.I..O.-z..>...2..ic..6..&..41....\|.M.5+.qj_...^.....p..$.c..a..X..cB.__..c.oP.PLU..4...F0c.dC\|.n....DOq..[.A7g..F6.0.%C,\d.X..QD\|>.o.E...M..b.\^.".a.e..V4.~.4.I.....ccX@..Z.0U....a.t<.J...[....1..G......4wg..B..j..L\...xml...$.a.?.aws..Jt.A..(,{.:w...... .zS.I\q.wZ.y...

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	AFB69DF47958EB78B4E941270772BD6A
SHA1:	D9FE9A625E906FF25C1F165E7872B1D9C731E78E
SHA-256:	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
SHA-512:	FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnxIhS220ZsehIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgA=

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (617)
Category:	downloaded
Size (bytes):	559447
Entropy (8bit):	5.6838609237395215
Encrypted:	false
SSDEEP:
MD5:	99210E7C2195DE81C0EEDF98787A69B3
SHA1:	7B26C66058385B60109AA6129C2161A399A6034D
SHA-256:	5F75BFBFBF0C7CAC2C87D6CA5DE0661AEDC188B0900B6CEF5EFBAEA134B53302
SHA-512:	C3198D7943B3311679D77BCFFEA75D7043801277BF03AC10CA20BBE424E9AE896C060C7E0EF4143E23C2A41E367917A258404FBA428099316705B7252AEA8A6B
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var E=function(){return[function(K,v,L,Q,d,x,r,w,f){return(K-(((K&55)==((w=[2,6,"P"],(K&60)==K)&&(L=LO.get(),f=a[27](33,v,L)),K)&&c.call(this,v),(K\|w[0])>=29)&&(K<<1&8)<w[1]&&(r=a[0](72,v,L),Q.I=d\|\|0,Q.u=Q.I,Q[w[2]]=r.UA,Q.Z=r.buffer,Q.H=x!==void 0?Q.I+x:Q.Z.length),w[0])&16)<8&&(K-3&15)>=10&&(N[w[1]](63,"INPUT")\|\|(C[w[0]](w[0],this.u,this.V(),"click",this.N),this.vL=null),this.xV=!1,V[20](12,"INPUT",this)),f},function(K,v,L,Q,d){return(K\|((Q=[9,895,11],(K-6&7)>=3)&&K>>2<Q[2]&&CO.call(this,Q[1],14),.Q[0]))&2\|\|(L="",L=h[5](37,v.Cr,"imageselect")?L+'Select each image that contains the object described in the text or

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	530
Entropy (8bit):	7.2576396280117494
Encrypted:	false
SSDEEP:
MD5:	88E0F42C9FA4F94AA8BCD54D1685C180
SHA1:	5AD9D47A49B82718BAA3BE88550A0B3350270C42
SHA-256:	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
SHA-512:	FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/audio_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX...JBA.....E-R... (#..-*$.}.%.Kt.A..Dx.I...AF.Q.4.......-.6..?.m:.,.......Q..D.L..e4..2.D..8)j4:......&>.s......p?......9.o5>.][H.}...&L.%.xh{~K.J\|.b..N..HMp....f.}dd..S..4%...$dK..!..Z..NNs.W&g..Fn....p...w..Ut...E\.e.......6......M.F...X.L......em.....R#'..%....j$/..-......@.l."..M.\|....OtW.H.,.-.~W`Z.s8..W...B...C-.8"H....6......9...A..aO.1`.M..A..eA.{...-...U.,.W........IEND.B`.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	79242
Entropy (8bit):	6.019678305853488
Encrypted:	false
SSDEEP:
MD5:	A0CE64213F4F6193A598DE1CDBAEA665
SHA1:	FEC9A873B214601198F7312BCB1BF99204014085
SHA-256:	F0DFF86310E9D08A2D80DBE68BAE9367F8CD6CBD4B7D036F09B0702D035C7E8C
SHA-512:	72DA125D31FD39B9B6571286C9B4B35D2B8875C8E299155A4D44742FF2B3FDF9B8CD5A7B888CF2BA26FAF4842EA6810CF7D6DEE5DC4B7E55AED03C623884356C
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAAGYktHRAD/AP8A/6C9p5MAAHq9SURBVHja7Z15fFTl9f/fd9ZM9n1PgCyEXSSRNYKCgAuiIipuVSuudavV1tq6W/WrtnWrrZbWDZUqUqUoCoIEQhBI2JesELKvM9mTWe7c3x83d5xAlkky8fv92ft5vfKC19znOWfuZ571POc5B1SoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKHifwGCRqsTNFrdj6VPq9XqtNofT9+wvutQyEyad8t9IaPPntFUd

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	100
Entropy (8bit):	4.435825291031249
Encrypted:	false
SSDEEP:
MD5:	D0A230914236727F9ECDB1945EE962A1
SHA1:	F5F4275609EF7727B640A9089B980E22CE8BF1DC
SHA-256:	05DDBA7460BD8E416785A03095258394765FD78772AA11E8774B0ADC08179C90
SHA-512:	8117855D3C30374EBEC16DB80B77CA6704005F2CB3554AAADE325CB7B563C218B450BC5DC99C7B5A40827D82E667423639A698C8D1BA210D8850188FC15E8F45
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISQQmiIJ3HA6EDyhIFDchi7joSBQ2w_HwmEgUN14FoSBIFDTWGVBwSBQ01hlQcEgUN1DPKZxIFDTWGVBwSBQ01hlQc?alt=proto
Preview:	CkgKBw3IYu46GgAKBw2w/HwmGgAKBw3XgWhIGgAKBw01hlQcGgAKBw01hlQcGgAKBw3UM8pnGgAKBw01hlQcGgAKBw01hlQcGgA=

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65062), with CRLF line terminators
Category:	downloaded
Size (bytes):	1937685
Entropy (8bit):	5.301723029612853
Encrypted:	false
SSDEEP:
MD5:	C1FB21BF33694C30DB8A3F35DA339B12
SHA1:	8F1CE50D4DE920C58B2E3ADAEAB6EB9E8F7F3B89
SHA-256:	D49B7AB253B814FAE679EDCC0B5BB625ED65EAFD2BFD86BD3B9BBA7BDD49D77E
SHA-512:	28CED69865FE5F2D49742A949C3A61D5217CB347959EB400645BD7FD8D5AC76E3BEF7875CE03396E94FB697FF0628FE539EB4386A7CEDE8B9D5FAD95DB41DFD0
Malicious:	false
Reputation:	unknown
URL:	https://communitycryptoconvo.kinsta.cloud/cbn/?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply
Preview:	<html class="__variable_9c5a94 __variable_49b18b dark" lang="en" style=""><head>.... <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. <script src='https://www.google.com/recaptcha/api.js'></script>.... <style data-savepage-href="/_next/static/css/a92e042c524fe1c6.css">.. @font-face {.. font-family: __inter_9c5a94;.. src: /savepage-url=/_next/static/media/11bf447c34a2180c-s.p.ttf/.. url(data:font/ttf;base64,AAEAAAATAQAABAAwR0RFRr+zhLoAAz1AAAAWW0dQT1OFS3IZAANTnAAB3CZHU1VCvn9meAAFL8QAAEK0SFZBUiNQpdUABXJ4AAAiP09TLzIil25iAAJufAAAAGBTVEFU+zrs9wAFlLgAAADGY21hcC8u6Z0AAm7cAABlimZ2YXIm/9kpAAWVgAAAARBnYXNwAAAAEAADPTgAAAAIZ2x5Zou/TzQAAAE8AAIdJmd2YXIQi1OcAAWWkAAGkwJoZWFkLcNhRgACRlQAAAA2aGhlYR71Gb8AAm5YAAAAJGhtdHj9w0zUAAJGjAAAJ8psb2NhCV0GNAACHoQAACfQbWF4cAoMAQYAAh5kAAAAIG5hbWWGt7TbAALUcAAABChwb3N0p6g1cgAC2JgAAGSecHJlcGgGjIUAAtRoAAAABwAFAPj9gAn4CoAAAwAHAAsADwATAAATESERAREhEQERIREBESERAREhEfgJAPcACQD3A

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	unknown
URL:	https://communitycryptoconvo.kinsta.cloud/cbn/fonts/passicon.svg
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1434), with no line terminators
Category:	downloaded
Size (bytes):	1434
Entropy (8bit):	5.7650966390195455
Encrypted:	false
SSDEEP:
MD5:	428199CEE2F0EEB6B22877D19E9A5948
SHA1:	8904CC6022394076F644563F5AADCB999A23B9E5
SHA-256:	9BB78787D230094E7B59FD220AF0A87160630712D25307D3DBEF05FB554A261F
SHA-512:	F8BD0C179D0B811621E30F53C909A70E9E85AABCE6A37E948D427D2C10AEFDBD3D51D9E47D6212FAEA7DFFD4758E39E52D28821BB0A4B571BF1C375DA4A4509C
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api.js
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1.2'&&l!=='control_1.1'){d.head.prepend(m)

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 73

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 89

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://e.cukurovadermatoloji.org.tr/i/Do-BbkmS8do2SSRbfKAqhcJT8K9iB0m-