Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti

Overview

General Information

Sample URL:https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti
Analysis ID:1543706

Detection

HTMLPhisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected BlockedWebSite
Detected hidden input values containing email addresses (often used in phishing pages)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML title does not match URL
Stores files to the Windows start menu directory
URL contains potential PII (phishing indication)

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2004,i,4441989394253882969,6971066287694979096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
1.0.pages.csvJoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    Phishing

    barindex
    AI detected phishing page
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiLLM: Score: 9 Reasons: The URL 'kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev' does not match the legitimate domain for Webmail., The URL contains a random string of characters, which is a common tactic used in phishing URLs., The domain 'pages.dev' is a generic domain often used for hosting various types of content, which can include phishing sites., The brand 'Webmail' is a known brand, but the URL does not reflect any legitimate association with it. DOM: 1.1.pages.csv
    Yara detected BlockedWebSite
    Source: Yara matchFile source: 1.0.pages.csv, type: HTML
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: rjq0q1.MMWUEhaKfnegSy4zJl28f6eCDFwR62wAlewo-1730104443-0.0.1.1-/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: Number of links: 0
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: <input type="password" .../> found but no <form action="...
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: Total embedded image size: 22051
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: Title: Webmail Login does not match URL
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiSample URL: PII: test@kghm.com&h0-bOY230w22zEQSk5Ti
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: <input type="password" .../> found
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: No favicon
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: No <meta name="author".. found
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: No <meta name="author".. found
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: No <meta name="author".. found
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: No <meta name="copyright".. found
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: No <meta name="copyright".. found
    Source: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5TiHTTP Parser: No <meta name="copyright".. found
    Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49726 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49739 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49740 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49846 version: TLS 1.2
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: global trafficDNS traffic detected: DNS query: kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev
    Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: api.geoapify.com
    Source: global trafficDNS traffic detected: DNS query: em.koppaloan.com
    Source: global trafficDNS traffic detected: DNS query: www.kghm.com
    Source: global trafficDNS traffic detected: DNS query: kghm.com
    Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: static.addtoany.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
    Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
    Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
    Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49726 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49739 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49740 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49846 version: TLS 1.2
    Source: classification engineClassification label: mal56.phis.win@20/6@42/216
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2004,i,4441989394253882969,6971066287694979096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2004,i,4441989394253882969,6971066287694979096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    Registry Run Keys / Startup Folder    		1
    Process Injection    		1
    Masquerading    		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    Registry Run Keys / Startup Folder    		1
    Process Injection    		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    No Antivirus matches

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    a.nel.cloudflare.com
    		35.190.80.1
    		truefalse
      		unknown
      em.koppaloan.com
      		104.219.248.26
      		truefalse
        		unknown
        api.geoapify.com
        		172.67.6.193
        		truefalse
          		unknown
          kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev
          		172.66.47.149
          		truetrue
            		unknown
            cdnjs.cloudflare.com
            		104.17.24.14
            		truefalse
              		unknown
              static.addtoany.com
              		104.22.70.197
              		truefalse
                		unknown
                www.google.com
                		142.250.185.228
                		truefalse
                  		unknown
                  kghm.com
                  		62.87.254.208
                  		truefalse
                    		unknown
                    www.kghm.com
                    		unknown
                    		unknownfalse
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Titrue
                        		unknown
                        https://kghm.com/plfalse
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          142.250.186.68
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          104.17.24.14
                          		cdnjs.cloudflare.comUnited States
                          		13335CLOUDFLARENETUSfalse
                          142.250.185.228
                          		www.google.comUnited States
                          		15169GOOGLEUSfalse
                          172.67.6.193
                          		api.geoapify.comUnited States
                          		13335CLOUDFLARENETUSfalse
                          1.1.1.1
                          		unknownAustralia
                          		13335CLOUDFLARENETUSfalse
                          62.87.254.208
                          		kghm.comPoland
                          		21010KGHM-ASPolandPolkowicePLfalse
                          104.219.248.26
                          		em.koppaloan.comUnited States
                          		22612NAMECHEAP-NETUSfalse
                          216.58.206.78
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          142.250.181.234
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          64.233.167.84
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          104.22.71.197
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse
                          239.255.255.250
                          		unknownReserved
                          		unknownunknownfalse
                          172.66.47.149
                          		kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.devUnited States
                          		13335CLOUDFLARENETUStrue
                          142.250.185.131
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          172.217.18.106
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          35.190.80.1
                          		a.nel.cloudflare.comUnited States
                          		15169GOOGLEUSfalse
                          104.22.70.197
                          		static.addtoany.comUnited States
                          		13335CLOUDFLARENETUSfalse
                          104.22.26.101
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse
                          142.250.186.99
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          216.58.212.170
                          		unknownUnited States
                          		15169GOOGLEUSfalse

                          Private

                          IP
                          192.168.2.16

                          General Information

                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1543706
                          Start date and time:2024-10-28 09:33:03 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Sample URL:https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:13
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • EGA enabled
                          Analysis Mode:stream
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal56.phis.win@20/6@42/216

                          Warnings

                          • Exclude process from analysis (whitelisted): SIHClient.exe
                          • Excluded IPs from analysis (whitelisted): 64.233.167.84, 216.58.206.78, 142.250.185.131, 34.104.35.123
                          • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                          • Not all processes where analyzed, report is missing behavior information
                          • VT rate limit hit for: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti

                          LLM Input / Output

                          InputOutput
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Ignore & Proceed",
  "prominent_button_name": "Learn More",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Enter your password.",
  "prominent_button_name": "Log in",
  "text_input_field_labels": [
    "Email Address",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "brands": [
    "Cloudflare"
  ]
}
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "brands": [
    "Webmail"
  ]
}
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: gpt-4o
                          ```json{  "legit_domain": "webmail.com",  "classification": "known",  "reasons": [    "The URL 'kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev' does not match the legitimate domain for Webmail.",    "The URL contains a random string of characters, which is a common tactic used in phishing URLs.",    "The domain 'pages.dev' is a generic domain often used for hosting various types of content, which can include phishing sites.",    "The brand 'Webmail' is a known brand, but the URL does not reflect any legitimate association with it."  ],  "riskscore": 9}
Google indexed: False
                          URL: kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev
            Brands: Webmail
            Input Fields: Email Address, Password
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Log in",
  "prominent_button_name": "Log in",
  "text_input_field_labels": [
    "Email Address",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Authenticating...",
  "prominent_button_name": "Log in",
  "text_input_field_labels": [
    "Email Address",
    "Password"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "brands": [
    "Webmail"
  ]
}
                          URL: https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti Model: claude-3-haiku-20240307
                          ```json
{
  "brands": [
    "Webmail"
  ]
}
                          URL: https://kghm.com/pl Model: claude-3-haiku-20240307
                          ```json
{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                          URL: https://kghm.com/pl Model: claude-3-haiku-20240307
                          ```json
{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                          URL: https://kghm.com/pl Model: claude-3-haiku-20240307
                          ```json
{
  "brands": []
}
                          URL: https://kghm.com/pl Model: claude-3-haiku-20240307
                          ```json
{
  "brands": [
    "KGHM"
  ]
}
                          URL: https://kghm.com/pl Model: claude-3-haiku-20240307
                          ```json
{
  "contains_trigger_text": true,
  "trigger_text": "KGHM liderem wrd wiatowych producentw srebra",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                          URL: https://kghm.com/pl Model: claude-3-haiku-20240307
                          ```json
{
  "brands": [
    "KGHM"
  ]
}

                          Created / dropped Files

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 07:34:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2673
                          Entropy (8bit):3.9731705575160094
                          Encrypted:false
                          SSDEEP:
                          MD5:A964CBEEEEA3188E5FB2309EFD3A5BCC
                          SHA1:75C1106059082C6144369A2E65B9B96F74C3B9AD
                          SHA-256:AFD6D8B6D24D5B76BCADDEF4495230011BCFD6EFFECDFFAD8B2BB162131D781C
                          SHA-512:8D9CFC202E6D21F2C1C49D6D6B78E3DDBAAB4215BB1FD84DA6301C0C7E4C1EFEE4DE8DC263A381CE08E8D0B7E118FB3A991EE3DD393428BCCBB3D9D3C3A8AA43
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,....f..$.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y6D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\YAD....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\YAD....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\YAD..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\YBD...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 07:34:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2675
                          Entropy (8bit):3.9918173552124694
                          Encrypted:false
                          SSDEEP:
                          MD5:CDAF3F65675768BBFD5663A6FC5109CD
                          SHA1:7F65F037C9D42839E17367FA719FEC7096782E16
                          SHA-256:320A1D797F7FB1DA3ABDD4818867785C76B0824F11C671002239FD79BEC6C0FF
                          SHA-512:E17E48C1BD64D016443D51E38D46A6C97E395E5B43E551C56EBBA4C61333C1FC95B630FBDFBA22A8F07283C68BD068584290EC4FAFC75566645857D527F8D2DA
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.......$.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y6D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\YAD....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\YAD....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\YAD..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\YBD...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2689
                          Entropy (8bit):3.9994477734004987
                          Encrypted:false
                          SSDEEP:
                          MD5:1DF4378CDA5BC785C3FA9925E5C7940D
                          SHA1:C103463E8500BB8E6D8C9F0382D0DCFBBF615C1F
                          SHA-256:6881EA033C4D7E59F64CAE8B9A8EF161A2048190DFDCC4708DA51853693EA4BA
                          SHA-512:3079A8832DCA43E768F600871579A4D42EA5BA6B6874E7B1CA1B6B0E28B62978F71D67446EC6957CA9AC5A79B9FBB1E20E1539E4E8EE6A4C10D878F52EDE21DC
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y6D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\YAD....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\YAD....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\YAD..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 07:34:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.9886760205604994
                          Encrypted:false
                          SSDEEP:
                          MD5:32ED25F1BAE1B03FC82377A2B86DB6E1
                          SHA1:EBD314A2D13AD5684519FEB9B5603B0DF56E8959
                          SHA-256:9A3E0BF9A1B0450BEE88F1AA97696FEBD991E4E843DE26FD9B853B54E1D617EA
                          SHA-512:1EBEDCAC9754B79FC0A0167DF4524F14612A338391A52A974F638E24986FDD4937FFE70F4F0021EEC6AE2ABDF8E3A41F531D56B8DC2E7114BD0B9A693D9A3F59
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.......$.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y6D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\YAD....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\YAD....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\YAD..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\YBD...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 07:34:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.978360200865811
                          Encrypted:false
                          SSDEEP:
                          MD5:5905DAD3582C3A97D075BDC049AAA219
                          SHA1:DF3E6C43DAF352169FA18D2E39370C3DFC9509AC
                          SHA-256:C4851B08B3D1EEF84A308A31ABBC049FD862BBE2BA344D2D48C13E3E99B3958A
                          SHA-512:B361B6368E28328A51F418D1FF2148EAE2CA856CC38ABB98F2C905516796F5B11355CD8D32124F874FE379FE7AEF37E535DB9173F5B434DCD598691E67E383D6
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.......$.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y6D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\YAD....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\YAD....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\YAD..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\YBD...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 07:34:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):3.9872165618534607
                          Encrypted:false
                          SSDEEP:
                          MD5:40AA69575A83F5A8F7A3E2FA52EB5AE9
                          SHA1:AA0680F738FD5CD20FF3917FAF6F9C0959A50D77
                          SHA-256:1BB695934AB8EDE933E559AFB8AEF4EBA9C66F2A6EFD0AEA118B43830BEE40AA
                          SHA-512:5D7B7AD31C969CC71DA76D4864C878B79B5D0450402CE9A88EB182770F578F83AEE0A478B48F73F43EBAE0A1005463839CB328096E23E73D880A73113AF521FD
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.....$.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y6D....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\YAD....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\YAD....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\YAD..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\YBD...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          Static File Info

                          No static file info