Windows Analysis Report
https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=aHR0cHM6Ly93d3cuc2hhcmVob2xkcy5jb20vY2FuL2Y2NWZmODM4LWIzNTgtNDBkMC05NmM4LTNjM2Y4MGYzMDFlNy81YzFhNzVlYS02N2QwLTQ2NDItODY2Mi0yMWQyZjgwOWUxMmMvYTIwOTRiNjUtZjQxZi00OGE1LWE0ZmYtNDY5NzAwMTU4NWFjL2xvZ2luP2lkPWJtMXNXRU14VURNeVFWTmpjVWhpWlVwcVN6TmtX

Overview

General Information

Sample URL:https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=aHR0cHM6Ly93d3cuc2hhcmVob2xkcy5jb20vY2FuL2Y2NWZmODM4LWIzNTgtNDBkMC05NmM4LTNjM2Y4MGYzMDFlNy81YzFhNzVlYS02N2QwLTQ2NDItODY2Mi0yMWQyZjgwOWUxMmMv
Analysis ID:1549741
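The sample URL is not the phishing page itself but a Sophos Email link-protection rewrite: the real destination travels base64-encoded in the u= parameter, and d= carries the domain the rewriter claims it points to. The landing page in turn carries an id= value that is base64 whose plaintext is itself base64 (the report's parser shows only the first layer). The script below, added here as an example and not code from the Joe Sandbox report or from Sophos, unwraps the sample URL and peels both layers of the id. It uses the u= value exactly as printed in the General Information block above (the report truncates it there), the i= and t= values from the full command line in the process tree, and the first 48 characters of the landing page's id= from the Phishing signature section; the meaning of i= and t= is not documented on this page, so they are only decoded to text for inspection.

```python
"""Unwrap a protection.sophos.com rewritten link and peel the double-base64
id= parameter of the landing page it points to. Added example, not Sophos' or
Joe Sandbox's code."""
import base64
from urllib.parse import unquote, urlsplit

# Sample URL from the report: u= as printed in General Information (the
# report truncates it), i= and t= copied from the process command line.
SAMPLE_WRAPPED = (
    "https://eu-west-1.protection.sophos.com/?d=shareholds.com"
    "&u=aHR0cHM6Ly93d3cuc2hhcmVob2xkcy5jb20vY2FuL2Y2NWZmODM4LWIzNTgtNDBkMC05"
    "NmM4LTNjM2Y4MGYzMDFlNy81YzFhNzVlYS02N2QwLTQ2NDItODY2Mi0yMWQyZjgwOWUxMmMv"
    "&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5"
    "&t=V1RwZWdZMHRiYXhkTGY2UWtPR2VjUk1qc2QwbzdWUUhONmJhOFpjR2pubz0="
)

# Landing page from the Phishing signature section; id= cut to its first 48
# characters for brevity (a prefix of base64 decodes to a prefix of the data).
SAMPLE_LANDING = (
    "https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/"
    "5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/"
    "login?id=bm1sWEMxUDMyQVNjcUhiZUpqSzNkWExhMlBWeE9mM2RveDM5"
)


def query_params(url: str) -> dict:
    """Split the query string by hand: urllib's parse_qs turns '+' into a
    space, which silently corrupts standard-alphabet base64 values."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[unquote(key)] = unquote(value)
    return params


def b64_lenient(value: str) -> bytes:
    """Decode base64 that may use the URL-safe alphabet or lack '=' padding."""
    value = value.strip().replace("-", "+").replace("_", "/")
    return base64.b64decode(value + "=" * (-len(value) % 4))


def unwrap_sophos(url: str) -> dict:
    """Return the real destination and check it against the d= domain the
    rewriter claims; a mismatch would mean the wrapper itself was forged."""
    parts = urlsplit(url)
    q = query_params(url)
    if not (parts.hostname or "").endswith("protection.sophos.com") or "u" not in q:
        raise ValueError("not a protection.sophos.com rewritten link")
    target = b64_lenient(q["u"]).decode("utf-8", "replace")
    host = (urlsplit(target).hostname or "").lower()
    claimed = q.get("d", "").lower()
    return {
        "target": target,
        "target_host": host,
        "claimed_domain": claimed,
        "domain_matches": host == claimed or host.endswith("." + claimed),
        # i= and t= are base64 too; what they encode is not documented here.
        "i_param": b64_lenient(q["i"]).decode("ascii", "replace") if "i" in q else None,
        "t_param": b64_lenient(q["t"]).decode("ascii", "replace") if "t" in q else None,
    }


def peel_id(landing_url: str) -> dict:
    """Peel both base64 layers of the landing page's id= parameter. The outer
    layer is printable (what the report shows); the inner layer is opaque
    binary, returned only by size for the analyst to take further."""
    outer_text = b64_lenient(query_params(landing_url)["id"]).decode("ascii", "replace")
    try:
        inner = b64_lenient(outer_text)
    except ValueError:
        inner = None
    return {"outer_text": outer_text, "inner_bytes": inner}


if __name__ == "__main__":
    print(unwrap_sophos(SAMPLE_WRAPPED))
    print(peel_id(SAMPLE_LANDING))
```

The d= check matters in triage: a rewritten link whose decoded host does not fall under the claimed domain was not produced by the rewriter for that mail, and the link-protection layer is itself the lure. Here the two agree (www.shareholds.com under shareholds.com), so the Sophos wrapper is genuine and the phishing content is entirely at the destination.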

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1904,i,8227620293026860368,6869183072328832239,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 6608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=aHR0cHM6Ly93d3cuc2hhcmVob2xkcy5jb20vY2FuL2Y2NWZmODM4LWIzNTgtNDBkMC05NmM4LTNjM2Y4MGYzMDFlNy81YzFhNzVlYS02N2QwLTQ2NDItODY2Mi0yMWQyZjgwOWUxMmMvYTIwOTRiNjUtZjQxZi00OGE1LWE0ZmYtNDY5NzAwMTU4NWFjL2xvZ2luP2lkPWJtMXNXRU14VURNeVFWTmpjVWhpWlVwcVN6TmtXRXhoTWxCV2VFOW1NMlJ2ZURNNVVITkxjVlpUYjFwUlNIcEVXWE5MYUdRNVNVcFNiV1JEUjNCVGIybDNaSGcwWW5kS1R6VlFUbnB1VUc1TWQyRkZSVlY2Y201RVFWcFhXR2RNWVRBclJscGFPVkJJY2pRM0szaHhVbEZYY1ZSaWVUTXpOVEZRU1RscE1VNUZjakZTYlZKS0t6UjNiMWs1U1hsS1R6Z3pVVkYxTVRGelJsWkpVMjh6UzNoblRrd3dLMnAzWWpCb05teGhiV3BaYTB0b2VqZHZjMGR3V2xwVE5WVk9Nek5GV21GdWJ6UXpWSFJqU0RGbU1HUnZTMmRHTWxsMFJsZDVVM1l2TWtwWlNrTXhUWEJITVdWalpFcEdXbTl2WlRkVmVreGpOak5ETkU1MFdIUm5iM3AzV0dwNGVqSXpNbU41U1dWUE5rWm5WWGR0Vlc1MGVXOXpOMDFWZHpKS2MzSndSMjEyTmxaVGRFbFlPRGwzT1VZeVMwRk5NbXBMV2xoc2RIUjFlVnB3UlRONGJGVlBlRmxyUTNrMWVrTkRhVkF4UzBGbU1rOUtWVGhoZEZscWJUbHFWa0pGTjBWNFRISllhWGcyZWt4NWF6aFdWeTkxTW1NMlVYTXpRWFZNTjJSa1ZFRkNiM04wVG5odlIwTlBWMjEyU2tKVWR6MDk=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=V1RwZWdZMHRiYXhkTGY2UWtPR2VjUk1qc2QwbzdWUUhONmJhOFpjR2pubz0=&h=8d76ce21ce5147a9bbdd13bf0a0144cd&s=AVNPUEhUT0NFTkNSWVBUSVZfm1n22-u3VWWBUYPyz6tx0fxbloavhv4fIjvgwGfzhA" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/login?id=bm1sWEMxUDMyQVNjcUhiZUpqSzNkWExhMlBWeE9mM2RveDM5UHNLcVZTb1pRSHpEWXNLaGQ5SUpSbWRDR3BTb2l3ZHg0YndKTzVQTnpuUG5Md2FFRVV6cm5EQVpXWGdMYTArRlpaOVBIcjQ3K3hxUlFXcVRieTMzNTFQSTlpMU5FcjFSbVJKKzR3b1k5SXlKTzgzUVF1MTFzRlZJU28zS3hnTkwwK2p3YjBoNmxhbWpZa0toejdvc0dwWlpTNVVOMzNFWmFubzQzVHRjSDFmMGRvS2dGMll0Rld5U3YvMkpZSkMxTXBHMWVjZEpGWm9vZTdVekxjNjNDNE50WHRnb3p3WGp4ejIzMmN5SWVPNkZnVXdtVW50eW9zN01VdzJKc3JwR212NlZTdElYODl3OUYyS0FNMmpLWlhsdHR1eVpwRTN4bFVPeFlrQ3k1ekNDaVAxS0FmMk9KVThhdFlqbTlqVkJFN0V4THJYaXg2ekx5azhWVy91MmM2UXMzQXVMN2RkVEFCb3N0TnhvR0NPV212SkJUdz09 | Score: 9 | Reasons:
  • The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.
  • The URL 'www.shareholds.com' does not match the legitimate domain for Microsoft.
  • The domain 'shareholds.com' does not have any known association with Microsoft.
  • The presence of input fields like 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is suspicious.
  • The URL does not contain any direct reference to Microsoft, which is a red flag for phishing.
  DOM: 1.0.pages.csv
Source: https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/login?id=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
  • Found strong image similarity, brand: MICROSOFT
  • Parser: Number of links: 0
  • Parser: Base64 decoded: nmlXC1P32AScqHbeJjK3dXLa2PVxOf3dox39PsKqVSoZQHzDYsKhd9IJRmdCGpSoiwdx4bwJO5PNznPnLwaEEUzrnDAZWXgLa0+FZZ9PHr47+xqRQWqTby3351PI9i1NEr1RmRJ+4woY9IyJO83QQu11sFVISo3KxgNL0+jwb0h6lamjYkKhz7osGpZZS5UN33EZano43TtcH1f0doKgF2YtFWySv/2JYJC1MpG1ecdJFZooe7UzLc63C4NtXtg...
  • Parser: Title: does not match URL
  • Parser: <input type="password" .../> found
  • Parser: No favicon
  • Parser: No <meta name="author".. found
  • Parser: No <meta name="copyright".. found
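The parser signatures above (link count, password field, favicon, meta tags, title/URL mismatch, hidden JavaScript) and the brand/domain reasoning of the AI signature are all static checks on the fetched HTML. The script below, added here as an example and not Joe Sandbox's detection code, runs checks in the same spirit over two constructed pages: a Microsoft-styled credential form on a lookalike host and a plain intranet login. The thresholds, the weights, the brand keyword list and the definition of "hidden script" (a script inside an element hidden by CSS, or one that decodes itself with atob/eval/unescape/String.fromCharCode) are this example's own assumptions; Joe Sandbox's exact rules are not given on this page.

```python
"""Static login-page checks modelled on the report's parser signatures.
Added example; thresholds and weights are assumptions, not Joe Sandbox's."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "param", "source", "track", "wbr"}
# Assumed keyword-to-brand map; a real deployment would use a larger list.
BRAND_KEYWORDS = {"microsoft": "Microsoft", "office 365": "Microsoft",
                  "outlook": "Microsoft", "skype": "Microsoft"}
WEIGHTS = {"brand_domain_mismatch": 4, "password_field": 2, "hidden_script": 2,
           "low_link_count": 1, "no_favicon": 1, "no_meta_author": 1,
           "no_meta_copyright": 1, "title_mismatch": 1}
OBFUSCATION = re.compile(r"\b(atob|eval|unescape|String\.fromCharCode)\s*\(")

# Constructed pages (not the real shareholds.com HTML, which the report does not include).
PHISH_URL = "https://www.shareholds.com/can/login?id=bm1sWEMxUDMy"
PHISH_HTML = """<!doctype html><html><head>
<title>Sign in to your account</title>
<script src="/static/app.js"></script>
</head><body>
<div style="display:none"><script>eval(atob("Li4u"));</script></div>
<img alt="Microsoft" src="/static/logo.svg">
<form method="post" action="/can/login">
  <input type="email" name="loginfmt" placeholder="Email, phone, or Skype">
  <input type="password" name="passwd">
  <a href="#">Can't access your account?</a>
  <button type="submit">Next</button>
</form></body></html>"""
INTRANET_URL = "https://intranet.acme.example/login"
INTRANET_HTML = """<!doctype html><html><head>
<title>Acme Corp Intranet Login</title>
<link rel="icon" href="/favicon.ico">
<meta name="author" content="Acme IT">
<meta name="copyright" content="Acme Corp">
</head><body>
<nav><a href="/help">Help</a> <a href="/privacy">Privacy</a>
<a href="/terms">Terms</a> <a href="https://status.acme.example/">Status</a></nav>
<form method="post" action="/login">
  <input type="text" name="user"><input type="password" name="pass">
  <button type="submit">Sign in</button>
</form></body></html>"""


class PageFacts(HTMLParser):
    """Collect the raw facts the checks need in one pass over the HTML."""

    def __init__(self):
        super().__init__()
        self.title, self.in_title, self.in_script = "", False, False
        self.stack, self.hidden_depth = [], 0   # open elements; hidden ancestors
        self.links, self.input_types, self.placeholders, self.text = [], [], [], []
        self.has_favicon, self.meta_names = False, set()
        self.hidden_scripts = self.obfuscated_scripts = 0

    @staticmethod
    def _is_hidden(a):
        style = (a.get("style") or "").replace(" ", "").lower()
        return "hidden" in a or "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "input":
            self.input_types.append((a.get("type") or "text").lower())
            if a.get("placeholder"):
                self.placeholders.append(a["placeholder"])
        elif tag == "link" and "icon" in (a.get("rel") or "").lower():
            self.has_favicon = True
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "img" and a.get("alt"):
            self.text.append(a["alt"])
        elif tag == "title":
            self.in_title = True
        elif tag == "script":
            self.in_script = True
            self.hidden_scripts += 1 if self.hidden_depth else 0
        if tag not in VOID_TAGS:
            hidden = self._is_hidden(a)
            self.stack.append((tag, hidden))
            self.hidden_depth += 1 if hidden else 0

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
        elif tag == "script":
            self.in_script = False
        if tag in VOID_TAGS or all(t != tag for t, _ in self.stack):
            return
        while self.stack:                       # pop to the matching open tag
            t, hidden = self.stack.pop()
            self.hidden_depth -= 1 if hidden else 0
            if t == tag:
                break

    def handle_data(self, data):
        if self.in_title:
            self.title += data
        elif self.in_script:
            self.obfuscated_scripts += 1 if OBFUSCATION.search(data) else 0
        else:
            self.text.append(data)


def assess(url: str, html: str) -> dict:
    facts = PageFacts()
    facts.feed(html)
    facts.close()
    host = (urlsplit(url).hostname or "").lower()
    page_text = " ".join([facts.title, *facts.placeholders, *facts.text]).lower()
    brands = sorted({b for kw, b in BRAND_KEYWORDS.items() if kw in page_text})
    title_tokens = set(re.findall(r"[a-z]{4,}", facts.title.lower()))
    f = {
        "link_count": len(facts.links),
        "low_link_count": len(facts.links) < 3,          # threshold assumed
        "password_field": "password" in facts.input_types,
        "no_favicon": not facts.has_favicon,
        "no_meta_author": "author" not in facts.meta_names,
        "no_meta_copyright": "copyright" not in facts.meta_names,
        "title_mismatch": not any(tok in host for tok in title_tokens),
        "hidden_script": facts.hidden_scripts > 0 or facts.obfuscated_scripts > 0,
        "brands": brands,
        "brand_domain_mismatch": bool(brands) and not any(b.lower() in host for b in brands),
    }
    f["score"] = sum(w for key, w in WEIGHTS.items() if f[key])
    f["verdict"] = "likely phishing" if f["score"] >= 8 else "no strong static signal"
    return f


if __name__ == "__main__":
    print(assess(PHISH_URL, PHISH_HTML))
    print(assess(INTRANET_URL, INTRANET_HTML))
```

The weighting is deliberate: on its own, "title does not match URL" is a weak signal (a genuine Microsoft sign-in page titled "Sign in to your account" does not match login.microsoftonline.com either), and a missing favicon or author tag is common on legitimate internal apps. The brand-on-wrong-domain combination with a password field is what separates the two samples, which mirrors how the report's AI signature argues its score of 9.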
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.17:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.130:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 25MB later: 39MB
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 (3 events)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (8 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56 (14 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (5 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (18 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 (2 events)
Source: global traffic | DNS traffic detected: DNS query: eu-west-1.protection.sophos.com
Source: global traffic | DNS traffic detected: DNS query: www.shareholds.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: unknown | Network traffic detected: HTTP traffic on port 443 (81 events in both directions) with local ports 49675-49678, 49680, 49691, 49700-49702, 49704-49716, 49720, 49721, 49725, 49734-49749, 49751, 49753
Source: classification engine | Classification label: mal52.phis.win@18/19@12/126
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1904,i,8227620293026860368,6869183072328832239,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=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&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=V1RwZWdZMHRiYXhkTGY2UWtPR2VjUk1qc2QwbzdWUUhONmJhOFpjR2pubz0=&h=8d76ce21ce5147a9bbdd13bf0a0144cd&s=AVNPUEhUT0NFTkNSWVBUSVZfm1n22-u3VWWBUYPyz6tx0fxbloavhv4fIjvgwGfzhA"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (14 events)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
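The "traffic detected without corresponding DNS query" lines in the signature list come from correlating each outbound connection with the DNS answers seen earlier in the capture. The script below, added here as an example and not Joe Sandbox's implementation, replays a constructed event stream through that correlation and shows the three reasons such a line is noisy: packets to the resolver itself (the report's UDP 1.1.1.1 lines are exactly this), multicast such as SSDP to 239.255.255.250 (present in the report's IP table), and connections whose answer arrived before the capture began, after the connection, or under a domain the sandbox excluded from analysis (see the whitelisted domains in the analysis metadata). The event format, the resolver set, the local ranges and the sample data (RFC 5737 documentation addresses, example hostnames) are this example's own assumptions.

```python
"""Correlate outbound connections with preceding DNS answers and flag
destinations that were never resolved. Added example, not Joe Sandbox's code;
event format, resolver list and sample data are assumptions."""
import ipaddress

# Destinations the signature should never fire on: the resolver itself plus
# multicast/broadcast/local ranges. RFC 1918 is listed explicitly rather than
# via ip_address.is_private, which would also swallow the RFC 5737 test nets.
RESOLVERS = {"1.1.1.1", "1.0.0.1"}
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

# Constructed event stream (not the report's pcap), sorted by time in replay():
#   ("dns", ts, answered_name, answered_ip)
#   ("conn", ts, proto, dst_ip, dst_port)
SAMPLE_EVENTS = [
    ("conn", 0.10, "udp", "1.1.1.1", 53),                     # the resolver itself
    ("dns", 0.12, "login.example.com", "203.0.113.10"),
    ("dns", 0.13, "edge.cdn.example.net", "198.51.100.5"),    # CNAME target answer
    ("conn", 0.20, "tcp", "203.0.113.10", 443),               # resolved
    ("conn", 0.25, "tcp", "198.51.100.5", 443),               # resolved via CNAME target
    ("conn", 0.30, "tcp", "192.0.2.44", 443),                 # never resolved: flag
    ("conn", 0.35, "udp", "239.255.255.250", 1900),           # SSDP multicast: suppress
    ("conn", 0.40, "tcp", "192.0.2.99", 443),                 # answer only arrives later: flag
    ("dns", 0.45, "late.example.org", "192.0.2.99"),
]


class DnsCorrelator:
    def __init__(self, resolvers=RESOLVERS):
        self.resolvers = set(resolvers)
        self.answers = {}          # ip -> names that resolved to it so far
        self.resolved, self.flagged, self.suppressed = [], [], []

    def on_dns_answer(self, name, ip):
        self.answers.setdefault(ip, set()).add(name.lower().rstrip("."))

    def on_connection(self, ts, proto, dst_ip, dst_port):
        addr = ipaddress.ip_address(dst_ip)
        if dst_ip in self.resolvers and dst_port == 53:
            self.suppressed.append((ts, proto, dst_ip, dst_port, "resolver"))
        elif any(addr in net for net in LOCAL_NETS):
            self.suppressed.append((ts, proto, dst_ip, dst_port, "local/multicast"))
        elif dst_ip in self.answers:
            self.resolved.append((ts, proto, dst_ip, dst_port, sorted(self.answers[dst_ip])))
        else:
            self.flagged.append((ts, proto, dst_ip, dst_port))


def replay(events):
    """Feed events in time order; an answer only counts for connections after it."""
    c = DnsCorrelator()
    for ev in sorted(events, key=lambda e: e[1]):
        if ev[0] == "dns":
            c.on_dns_answer(ev[2], ev[3])
        else:
            c.on_connection(ev[1], ev[2], ev[3], ev[4])
    return c


def summarize(events):
    c = replay(events)
    return {
        "flagged": [f"{proto} {ip}:{port}" for _, proto, ip, port in c.flagged],
        "resolved": {ip: names for _, _, ip, _, names in c.resolved},
        "suppressed": [reason for *_, reason in c.suppressed],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENTS).items():
        print(key, value)
```

The late answer for 192.0.2.99 is the interesting case: a strict time-ordered correlation flags it, while a whole-capture lookup would not. Which behaviour you want depends on the question; for "did the page contact something the browser never resolved" the strict form is right, and the cost is that addresses resolved before capture started show up too. That is why the report's lines for well-known CDN and Microsoft ranges are a pivot for the analyst, not a verdict on their own.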
MITRE ATT&CK matrix (numbers are matched-signature counts; entries without a number had no matching signature)
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
  • Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Extra Window Memory Injection
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Screenshots: thumbnails not reproduced in this export.
Source | Detection | Scanner | Label
https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=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&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=V1RwZWdZMHRiYXhkTGY2UWtPR2VjUk1qc2QwbzdWUUhONmJhOFpjR2pubz0=&h=8d76ce21ce5147a9bbdd13bf0a0144cd&s=AVNPUEhUT0NFTkNSWVBUSVZfm1n22-u3VWWBUYPyz6tx0fxbloavhv4fIjvgwGfzhA | 0% | Avira URL Cloud | safe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
d35tlz0p71apkp.cloudfront.net | 18.173.205.68 | true | false | | unknown
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | | high
www.google.com | 142.250.186.100 | true | false | | high
eu-west-1.protection.sophos.com | unknown | unknown | false | | unknown
www.shareholds.com | unknown | unknown | true | | unknown
aadcdn.msftauth.net | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/login?id=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 | | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.78 | unknown | United States | 15169 | GOOGLEUS | false
142.250.74.202 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.206 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
18.173.205.68 | d35tlz0p71apkp.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false
152.199.21.175 | sni1gl.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false
142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.74.195 | unknown | United States | 15169 | GOOGLEUS | false
66.102.1.84 | unknown | United States | 15169 | GOOGLEUS | false

Note: the ASN 3 / MIT-GATEWAYS attribution for 18.173.205.68 is a GeoIP-database artifact of the 18.0.0.0/8 block's legacy registration; the hostname d35tlz0p71apkp.cloudfront.net shows the address is served by Amazon CloudFront.

Local (sandbox) IP: 192.168.2.17
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1549741
                  Start date and time:2024-11-06 00:18:39 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Sample URL:https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=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&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=V1RwZWdZMHRiYXhkTGY2UWtPR2VjUk1qc2QwbzdWUUhONmJhOFpjR2pubz0=&h=8d76ce21ce5147a9bbdd13bf0a0144cd&s=AVNPUEhUT0NFTkNSWVBUSVZfm1n22-u3VWWBUYPyz6tx0fxbloavhv4fIjvgwGfzhA
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:21
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal52.phis.win@18/19@12/126
                  • Exclude process from analysis (whitelisted): TextInputHost.exe
                  • Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.185.78, 66.102.1.84, 34.104.35.123
                  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, aadcdnoriginwus2.azureedge.net, clientservices.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, azurefd-t-prod.trafficmanager.net, aadcdn.msauth.net, clients.l.google.com, firstparty-azurefd-prod.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                  • VT rate limit hit for: https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=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&p=m&i=NjEwY
                  InputOutput
                  URL: Model: claude-3-5-sonnet-latest
                  {
                      "typosquatting": false,
                      "unusual_query_string": false,
                      "suspicious_tld": false,
                      "ip_in_url": false,
                      "long_subdomain": true,
                      "malicious_keywords": false,
                      "encoded_characters": false,
                      "redirection": false,
                      "contains_email_address": false,
                      "known_domain": true,
                      "brand_spoofing_attempt": false,
                      "third_party_hosting": false
                  }
                  URL: URL: https://eu-west-1.protection.sophos.com
                  URL: https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/login?id=bm1sWEMxUDMyQVNjcUhiZUpqSzNkWExhMlBWeE9mM2RveDM5UHNLcVZTb1pRSHpEWXNLaGQ5SUpSbWRDR3BTb2l3ZHg0YndKTzVQTnpu Model: claude-3-haiku-20240307
                  ```json
                  {
                    "contains_trigger_text": true,
                    "trigger_text": "Sign in",
                    "prominent_button_name": "Next",
                    "text_input_field_labels": [
                      "Email, phone, or Skype"
                    ],
                    "pdf_icon_visible": false,
                    "has_visible_captcha": false,
                    "has_urgent_text": false,
                    "has_visible_qrcode": false
                  }
                  URL: Model: claude-3-5-sonnet-latest
                  {
                      "typosquatting": false,
                      "unusual_query_string": false,
                      "suspicious_tld": false,
                      "ip_in_url": false,
                      "long_subdomain": false,
                      "malicious_keywords": false,
                      "encoded_characters": false,
                      "redirection": false,
                      "contains_email_address": false,
                      "known_domain": false,
                      "brand_spoofing_attempt": false,
                      "third_party_hosting": false
                  }
                  URL: URL: https://www.shareholds.com
                  URL: https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/login?id=bm1sWEMxUDMyQVNjcUhiZUpqSzNkWExhMlBWeE9mM2RveDM5UHNLcVZTb1pRSHpEWXNLaGQ5SUpSbWRDR3BTb2l3ZHg0YndKTzVQTnpu Model: claude-3-haiku-20240307
                  {
                    "brands": [
                      "Microsoft"
                    ]
                  }
                  URL: https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/login?id=bm1sWEMxUDMyQVNjcUhiZUpqSzNkWExhMlBWeE9mM2RveDM5UHNLcVZTb1pRSHpEWXNLaGQ5SUpSbWRDR3BTb2l3ZHg0YndKTzVQTnpu Model: gpt-4o
                  {
                    "legit_domain": "microsoft.com",
                    "classification": "wellknown",
                    "reasons": [
                      "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",
                      "The URL 'www.shareholds.com' does not match the legitimate domain for Microsoft.",
                      "The domain 'shareholds.com' does not have any known association with Microsoft.",
                      "The presence of input fields like 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is suspicious.",
                      "The URL does not contain any direct reference to Microsoft, which is a red flag for phishing."
                    ],
                    "riskscore": 9
                  }
                  Google indexed: False
                  URL: www.shareholds.com
                              Brands: Microsoft
                              Input Fields: Email, phone, or Skype
                  URL: Model: claude-3-5-sonnet-latest
                  {
                      "typosquatting": false,
                      "unusual_query_string": false,
                      "suspicious_tld": false,
                      "ip_in_url": false,
                      "long_subdomain": false,
                      "malicious_keywords": false,
                      "encoded_characters": false,
                      "redirection": false,
                      "contains_email_address": false,
                      "known_domain": false,
                      "brand_spoofing_attempt": false,
                      "third_party_hosting": false
                  }
                  URL: https://shareholds.com
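The URL checklist above is answered by a language model and marks the Sophos wrapper link "redirection: false" and "encoded_characters: false", although that link is a redirector whose u= parameter is the base64-encoded destination and whose d= parameter only declares the domain the destination is supposed to be on. An analyst triaging this verdict usually wants to unwrap the link deterministically, confirm that d= agrees with the real destination host, split the destination path (three UUID segments before /login) and see whether the id= value decodes to anything readable. The Python below is an added analyst example, not code from the Joe Sandbox report or from Sophos. It assumes the rewrite host suffix, that id= is base64 text, and the thresholds in url_flags(); the sample link is constructed by re-wrapping the destination exactly as the report displays it (the report truncates long URLs, so only the displayed prefix of id= is decoded). Note also that the favicon.ico response recorded later in this report describes the host as a Microsoft-owned security-awareness simulation page; weigh that before treating the score as evidence of a live credential-phishing campaign.

```python
"""Unwrap a Sophos Email URL-protection link and inspect its destination.
Added analyst example; not from the Joe Sandbox report or from Sophos.
Assumptions: the rewrite host suffix, that id= is base64 text, and the
thresholds used in url_flags() are guesses chosen for illustration.
"""
import base64
import binascii
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

REWRITE_HOST_SUFFIXES = ("protection.sophos.com",)  # assumption
_B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")
_UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def query_pairs(query: str) -> Dict[str, List[str]]:
    """Split a query string by hand: parse_qs() would turn the '+' inside a
    base64 value into a space and corrupt the wrapped URL."""
    pairs: Dict[str, List[str]] = {}
    for item in query.split("&"):
        if item:
            key, _, value = item.partition("=")
            pairs.setdefault(unquote(key), []).append(unquote(value))
    return pairs


def b64_decode_lenient(text: str) -> bytes:
    """Accept the standard or URL-safe alphabet and missing '=' padding."""
    text = text.strip().replace("-", "+").replace("_", "/")
    return base64.b64decode(text + "=" * (-len(text) % 4))


@dataclass
class Unwrapped:
    declared_domain: str        # the d= parameter
    destination: str            # decoded u= parameter
    dest_host: str
    path_segments: List[str]
    id_param: Optional[str]
    id_decoded: Optional[str]   # printable ASCII if id= base64-decodes, else None
    domain_matches: bool        # d= agrees with the real destination host


def unwrap_sophos_link(url: str) -> Unwrapped:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(REWRITE_HOST_SUFFIXES):
        raise ValueError(f"not a Sophos URL-protection link: {host!r}")
    query = query_pairs(parts.query)
    declared = query.get("d", [""])[0].lower()
    wrapped = query.get("u", [""])[0]
    if not wrapped:
        raise ValueError("rewritten link has no u= parameter")
    destination = b64_decode_lenient(wrapped).decode("utf-8", "replace")
    dest = urlsplit(destination)
    dest_host = (dest.hostname or "").lower()
    id_param = query_pairs(dest.query).get("id", [None])[0]
    id_decoded = None
    if id_param and _B64_RE.match(id_param):
        try:
            text = b64_decode_lenient(id_param).decode("ascii")
            id_decoded = text if text.isprintable() else None
        except (binascii.Error, UnicodeDecodeError):
            id_decoded = None
    matches = dest_host == declared or dest_host.endswith("." + declared)
    return Unwrapped(declared, destination, dest_host,
                     [s for s in dest.path.split("/") if s],
                     id_param, id_decoded, matches)


def url_flags(url: str) -> Dict[str, object]:
    """Deterministic versions of some checklist items the report's LLM pass
    answers; thresholds are assumptions for illustration."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = query_pairs(parts.query)
    values = [v for vs in query.values() for v in vs]
    try:
        ipaddress.ip_address(host)
        ip_in_url = True
    except ValueError:
        ip_in_url = False
    return {
        "ip_in_url": ip_in_url,
        "long_subdomain": len(host.split(".")) > 4,
        "encoded_characters": "%" in parts.query or any(_B64_RE.match(v) for v in values),
        "redirection": host.endswith(REWRITE_HOST_SUFFIXES) and "u" in query,
        "contains_email_address": "@" in unquote(url),
        "uuid_path_segments": sum(1 for s in parts.path.split("/") if _UUID_RE.match(s)),
    }


# Constructed sample: the destination as the report displays it, re-wrapped the
# way the sandbox's sample link is built (d= declared domain, u= base64 of it).
DESTINATION = (
    "https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/"
    "5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/"
    "login?id=bm1sWEMxUDMyQVNjcUhiZUpqSzNkWExhMlBWeE9mM2RveDM5UHNLcVZTb1pRSHpE"
    "WXNLaGQ5SUpSbWRDR3BTb2l3ZHg0YndKTzVQTnpu"
)
SAMPLE_LINK = ("https://eu-west-1.protection.sophos.com/?d=shareholds.com&u="
               + base64.b64encode(DESTINATION.encode()).decode() + "&p=m")

if __name__ == "__main__":
    result = unwrap_sophos_link(SAMPLE_LINK)
    print("destination  :", result.destination)
    print("d= matches   :", result.domain_matches)
    print("path         :", result.path_segments)
    print("id decoded   :", result.id_decoded)
    print("wrapper flags:", url_flags(SAMPLE_LINK))
    print("dest flags   :", url_flags(DESTINATION))
```

On the displayed prefix, id= decodes to 78 printable characters that look like an opaque token rather than an address, so the form-prefill script recorded later in this report (which copies id= into a form field) is carrying an identifier, not a plaintext victim e-mail; whether the full, untruncated value decodes the same way cannot be determined from the report alone.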
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 5 22:19:09 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.9858224832059688
                  Encrypted:false
                  SSDEEP:
                  MD5:941FEEC49A591388C3C1D6CEBC8C8308
                  SHA1:9EB1057CB11FC59B114F621A6C7785E2E62D5D7B
                  SHA-256:DAB8E676B9E4D518364CC0BB75DD1118B05077E34F9226855072712B56988D81
                  SHA-512:9BC63CB49630F3D3C43758F8B245D10A774F268705F73942AC6AA2B516482F23E3A476911559BA5D1F6989C4FCA2CEB57A2B9570CE0D6C775D78F21EBA166DB7
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,.....I4../......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IeYZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeYd.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VeYd.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VeYd............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VeYe............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............w3.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 5 22:19:09 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):3.9991572305609475
                  Encrypted:false
                  SSDEEP:
                  MD5:16942F1590A4D45052B91C97D4C3878C
                  SHA1:E95A5EDCF436A4DF5875083340E2299696CB02D7
                  SHA-256:99C6AF6672C3D4402FD5C5FAC3A71A1709B0470CD6F162139EF093810517F6BF
                  SHA-512:BF53A5C7A9B68C82EDD1951B232AE4AD20CA6347F5AFA3925EC7A70D19FC73D0BA2ECD015B55B687FBB1C15B885D62021E81CDE380A989D15C4D9B6A631A5D63
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,....Dt)../......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IeYZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeYd.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VeYd.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VeYd............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VeYe............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............w3.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2693
                  Entropy (8bit):4.013151739453673
                  Encrypted:false
                  SSDEEP:
                  MD5:B8CF151B6CF64545959C1A01E2773B56
                  SHA1:2D54F490C1ACD39885B02A63B7976644C72FB647
                  SHA-256:F989E546FF7FC0AA5457EDABCC9CD553EDCE5BDF316FF0177798C141AAA56BF9
                  SHA-512:2678D58FEC9CC238DD74FA609B6E37956829311EBEB1ECBDE8CACA50CC5C88998DC6E506A3539C3A87A7980478DF8D3DD1A730D81D30EE29BB47EEA672CB566C
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IeYZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeYd.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VeYd.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VeYd............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............w3.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 5 22:19:09 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):4.000037688132307
                  Encrypted:false
                  SSDEEP:
                  MD5:BE1D1BCC570573ADCC725C04EDB5BA60
                  SHA1:034A03F39BC3F1E582BD6DCA532E1FC4324AEFDC
                  SHA-256:32815B3DA28053389D3A9CAC97F82835C58E2E6DF4EF27FA8910A5BA3E1B4BCD
                  SHA-512:587193E19F06C223EFEC37490F4283B33110C7E60BDF538E35ED9E7BB5C9F1B2F80E80210FBD2C8796922843A8BD9B9451C125A42EF0733957AFC0516D4EC630
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,......$../......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IeYZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeYd.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VeYd.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VeYd............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VeYe............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............w3.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 5 22:19:09 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):3.986891072836776
                  Encrypted:false
                  SSDEEP:
                  MD5:F3902F10F1BBC8AFEC99C7A4E47984FE
                  SHA1:7EA933E30A182DD3E74FC77B2839C953CC8F5F24
                  SHA-256:8C665D92B4F0A66C948A325EDC66E9036F84687623DA418B1A3F77E42210C7E1
                  SHA-512:540982EE6F5FD37158689B17604C0F5773820A02AC273DC5925366178FC1433D41B162FFB4D12D54E25A68A040BAB0F710C5354F004A0FE8677C6387571C9750
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,...._@/../......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IeYZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeYd.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VeYd.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VeYd............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VeYe............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............w3.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 5 22:19:09 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2683
                  Entropy (8bit):3.9998777722482157
                  Encrypted:false
                  SSDEEP:
                  MD5:0E26676C095ED24AF45F5BE534D00CB2
                  SHA1:97615836CAAC9ADED121C73E1B1708D20BE7FE40
                  SHA-256:8C25E7F4408B8B212CEAB8AF2F9A8ABF2B6D6CE0737CCED108E3C4AD10276AAB
                  SHA-512:47F1977B744A1BFED1AF85D7A5A11209F2853B3B0F21FDAF42F3A065A1DD0764490C567DC2F873B560C27FB3E0EB60528404F96CF5DFDD8660741D28393E8AD5
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.@.. ...$+.,........./......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IeYZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VeYd.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VeYd.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VeYd............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VeYe............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............w3.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (64961), with CRLF line terminators
                  Category:downloaded
                  Size (bytes):168037
                  Entropy (8bit):5.062886113973753
                  Encrypted:false
                  SSDEEP:
                  MD5:64F82ABBAC42E1EE2E3B4AF29DC03B36
                  SHA1:3D9C7C23019EAD50B60D62FCBD34F4C959935A68
                  SHA-256:2B5BD56561E7923817A266CEFFB5BF7A33717BCCED603C98E3157EE300D63220
                  SHA-512:D7C047CE822CD149FAD04BF549B55B2CECAADD1B8BC69BE7F78EE40EB572927731B5FD47F89C10B0BDA4E053BD3C8AA560521751BF3A95985212BBF0BC8885A2
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.shareholds.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
                  Preview:<!DOCTYPE html>..<html>..<head>.. <title></title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=10.000">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">.. <meta http-equiv="cache-control" content="no-cache,no-store">.. <meta http-equiv="pragma" content="no-cache">.. <meta http-equiv="expires" content="-1">.. <link href="/Content/Sign_In_files/style.css" rel="stylesheet" type="text/css" />..</head>..<body>....<!DOCTYPE html> <html dir='ltr' class='' lang='en'> <head> <title>Sign in to your account</title> <meta http-equiv='Content-Type' content='text/html; charset=UTF-8'> <meta http-equiv='X-UA-Compatible' content='IE=edge'> <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes'> <style type='text/css'> html { font-family: sans-serif; -ms-text-size-adjust: 100%; -webkit-text
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):60
                  Entropy (8bit):4.637210437818784
                  Encrypted:false
                  SSDEEP:
                  MD5:6935DB3017CF6EFAD6CA0D3FE931737C
                  SHA1:FB0D53ABF8633B168C9BC8488AD498F0D52578E3
                  SHA-256:74E304CA831C681A9EEB5A9BDCBDDD7F3F4909460B2A0116F2BA1A033253F97E
                  SHA-512:E0E6ED67F752CFC8C0767F2F0E698C16D46D3470910AC19559E2DBF492C75A968185B0353BB9429ADF4594B2B70261A134707FD2EE61A4D4A6423083C7881B2A
                  Malicious:false
                  Reputation:unknown
                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwkY8LswxWkz1hIFDXFnXWMSBQ3Ubard?alt=proto
                  Preview:CisKCw1xZ11jGgQIVhgCChwN1G2q3RoECEsYAioPCApSCwoBQBABGP////8P
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):198
                  Entropy (8bit):4.816428224415438
                  Encrypted:false
                  SSDEEP:
                  MD5:1E3427A62E79ED24BDFC6FFA1DDC2DC2
                  SHA1:C2FBC41FCADF48518192F5CD1C968FB05FA44617
                  SHA-256:9029D5647ED4D5172C6876489B36E572A3F9320E93A2E84BABE158C011040FDB
                  SHA-512:ECB76F5E94F59C0FD7F8168021024259AD6B22E89124A9B507E2F8BE896DE831427D2A76B1B6B4AE42ED809B1A56F6E9A4D4F2DAEF1A1BBA70F997B03D2C06C7
                  Malicious:false
                  Reputation:unknown
                  Preview:.$(document).ready(function () {.. var form = document.getElementById('form_id');.. if (form != null) {.. form.value = new URL(window.location.href).searchParams.get('id');.. }..})
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):4270
                  Entropy (8bit):5.001473490621857
                  Encrypted:false
                  SSDEEP:
                  MD5:87306133C167AE6AF4FCBC9FE0876B2B
                  SHA1:4612A396F54161FBEFB3A375BD8B640A302D03E8
                  SHA-256:C14468CDC2213365958A15B100E91D5B1722EFED31F0EB898D838EB7114316FE
                  SHA-512:71817738BFA7489837C7377DAD717BA26574305B882C054FBE032608924AC479686FEA19AF443288146BC79CE7D82628FA9CC13FB62B8D340BFA729C587FF687
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.shareholds.com/favicon.ico
                  Preview:..<!DOCTYPE html>..<html>..<head>.. <meta name="viewport" content="width=device-width">.. <title>Microsoft page</title>.. <style>.. body {.. padding: 100px 0;.. }.... .column2 {.. padding: 0px 0px 0px 50px.. }.. .. .center {.. display: flex;.. justify-content: center;.. padding: 40px;.. height: 40px.. }.. </style>..</head>..<body>.. <div class="row center">.. <img class="logo" role="presentation" pngsrc="~/Content/newSignInFiles/microsoft_logo.png" svgsrc="~/Content/newSignInFiles/microsoft_logo.png" data-bind="imgSrc" src="/Content/newSignInFiles/microsoft_logo.svg">.. </div>.. <div class="row center"> .. <div class="column1">.. <h3>This page is owned by Microsoft Corporation</h3>.. <p>It is used in simulations to drive end user security awareness.</p><br>.. <p>For a complete list of Microsoft owned URL'
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65450), with CRLF line terminators
                  Category:dropped
                  Size (bytes):89478
                  Entropy (8bit):5.2899182577550565
                  Encrypted:false
                  SSDEEP:
                  MD5:B61AA6E2D68D21B3546B5B418BF0E9C3
                  SHA1:9C1398F0DE4C869DACB1C9AB1A8CC327F5421FF7
                  SHA-256:F36844906AD2309877AAE3121B87FB15B9E09803CB4C333ADC7E1E35AC92E14B
                  SHA-512:5882735D9A0239C5C63C5C87B81618E3C8DC09D7D743C3444C535B9547B9B65DEFA509D7804552C581CB84B61DD1225E2ADD5DCA6B120868EC201FA979504F4B
                  Malicious:false
                  Reputation:unknown
                  Preview:/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:SVG Scalable Vector Graphics image
                  Category:downloaded
                  Size (bytes):513
                  Entropy (8bit):4.720499940334011
                  Encrypted:false
                  SSDEEP:
                  MD5:A9CC2824EF3517B6C4160DCF8FF7D410
                  SHA1:8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
                  SHA-256:34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
                  SHA-512:AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
                  Malicious:false
                  Reputation:unknown
                  URL:https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
                  Preview:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (50758), with CRLF line terminators
                  Category:downloaded
                  Size (bytes):51045
                  Entropy (8bit):5.248340698798764
                  Encrypted:false
                  SSDEEP:
                  MD5:E47A9D976663A4CE4DB5961AF909EB58
                  SHA1:12CA7264086B9E543605395947C6671EDDE9AC80
                  SHA-256:4F3FAEEC469294B610F6CA82AA1CC2B3368FD56611B31C551C2EE224FEADB411
                  SHA-512:BFAF1DBB52F6B55BA44C63E8353F1DE6F25E7A8BD24A366E202F5E78F64A9404C25B31E5A560CE9C61049F3D38B7853CE5091E6E86C0F53AAD491A9C06948A80
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.shareholds.com/Content/bootstrap.min.js
                  Preview:/*!.. * Bootstrap v4.1.3 (https://getbootstrap.com/).. * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors).. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */..!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t)
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):7868
                  Entropy (8bit):5.004251051031321
                  Encrypted:false
                  SSDEEP:
                  MD5:BAD3E4D73AB8638EF18D6B46780111A9
                  SHA1:4C253CF88BE490DD7E435BC3ABFBBD18D2011227
                  SHA-256:F116760BD4B44C1A29B36DD4D59729BAD9091A9B0E89C2B470BFF0086982A822
                  SHA-512:A2B414C322CEAFCFE446C1ED116F2E9D2C8517A71C02B67D0856DA02B3ED3E3C10ABEC101D8D0C60DDF66782FEBD74FAE31BC9AF28A75FDEAEB46B743F8A2BEC
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.shareholds.com/Content/Sign_In_files/style.css
                  Preview:* {...margin:0px;...padding:0px;..}..html, body..{.. height:100%;.. width:100%;.. background-color:#ffffff;.. color:#000000;.. font-weight:normal;.. font-family:"Segoe UI" , "Segoe" , "SegoeUI-Regular-final", Tahoma, Helvetica, Arial, sans-serif;.. min-width:500px;.. -ms-overflow-style:-ms-autohiding-scrollbar;..}....body..{.. font-size:0.9em;..}....#noScript { margin:16px; color:Black; }....:lang(en-GB){quotes:'\2018' '\2019' '\201C' '\201D';}..:lang(zh){font-family:....;}....@-ms-viewport { width: device-width; }../*@-moz-viewport { width: device-width; }..@-o-viewport { width: device-width; }../*@-webkit-viewport { width: device-width; }*/..@viewport { width: device-width; }..../* Theme layout styles */....#fullPage, #brandingWrapper..{.. width:100%;.. height:100%;.. background-color:inherit;..}..#brandingWrapper..{.. background-color:#4488dd;..}..#branding..{ .. /* A background image will be added to the #branding element at
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                  Category:downloaded
                  Size (bytes):673
                  Entropy (8bit):7.6596900876595075
                  Encrypted:false
                  SSDEEP:
                  MD5:0E176276362B94279A4492511BFCBD98
                  SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                  SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                  SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                  Malicious:false
                  Reputation:unknown
                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                  Preview:...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q...*..~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1.....*.#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                  Category:dropped
                  Size (bytes):1435
                  Entropy (8bit):7.8613342322590265
                  Encrypted:false
                  SSDEEP:
                  MD5:9F368BC4580FED907775F31C6B26D6CF
                  SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                  SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                  SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                  Malicious:false
                  Reputation:unknown
                  Preview:...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.|..~.|{~...b{8...zv.....8|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g*.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dg*N.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f*;.....Zhrr.,.U....6.Y....+Zd.*R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (29881), with CRLF, LF line terminators
                  Category:downloaded
                  Size (bytes):51695
                  Entropy (8bit):5.7513666955993274
                  Encrypted:false
                  SSDEEP:
                  MD5:CE5A511CD79EBED91620D137F770D340
                  SHA1:6278449D1F567BA4B75CD3A5CEA717D1EBAA726F
                  SHA-256:AF27D4DB525E41C6ADD8837E8657EAC10AE356EC86CE69DC6CC580532AF6F0AE
                  SHA-512:D9744DFA05525DEC5FACB0210EAEBF7293C9E28D7C53FA6B0B60360785D6D5282A61F0CC20CFFBDBFD0311297BC935E57FEDBB05EB65748489812DF2007EDD64
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.shareholds.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
                  Preview:<!DOCTYPE html>..<html>..<head>.. <title></title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=10.000">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">.. <meta http-equiv="cache-control" content="no-cache,no-store">.. <meta http-equiv="pragma" content="no-cache">.. <meta http-equiv="expires" content="-1">.. <link href="/Content/Sign_In_files/style.css" rel="stylesheet" type="text/css" />..</head>..<body>....<!DOCTYPE html>..<html lang="en">..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <style data-merge-styles="true"></style>.. <meta name="viewport" content="width=device-width, initial-scale=1">.. <title>Microsoft 365 Security & Compliance</title>.. <style type="text/css">.. body {.. margin: 0;.. font-family: -apple-system, BlinkMacSystemFont, 'Seg
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (64961), with CRLF line terminators
                  Category:downloaded
                  Size (bytes):159445
                  Entropy (8bit):5.032548826431176
                  Encrypted:false
                  SSDEEP:
                  MD5:1D822255AC41F16A3E71EB86EF81C4D4
                  SHA1:F2EE3FD4DC548116C1E45B0C8B481DCC237E78D2
                  SHA-256:9AD793E29DC98E63EC0863C410E2B1D1316991DFA902DF0DE0F6DF36E917890C
                  SHA-512:F032FD98060334FFBB37A145059A2973ED2F6C52EA31166F0AADFEBDE8E7947EE07F53DFFF33C79A51A2D973BCB217690D8BC4481F32827F37C3493D207EE8DC
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.shareholds.com/can/f65ff838-b358-40d0-96c8-3c3f80f301e7/5c1a75ea-67d0-4642-8662-21d2f809e12c/a2094b65-f41f-48a5-a4ff-4697001585ac/login?id=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
                  Preview:<!DOCTYPE html>..<html>..<head>.. <title></title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=10.000">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">.. <meta http-equiv="cache-control" content="no-cache,no-store">.. <meta http-equiv="pragma" content="no-cache">.. <meta http-equiv="expires" content="-1">.. <link href="/Content/Sign_In_files/style.css" rel="stylesheet" type="text/css" />..</head>..<body>....<!DOCTYPE html> <html dir='ltr' class='' lang='en'> <head> <title>Sign in to your account</title> <meta http-equiv='Content-Type' content='text/html; charset=UTF-8'> <meta http-equiv='X-UA-Compatible' content='IE=edge'> <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes'> <style type='text/css'> html { font-family: sans-serif; -ms-text-size-adjust: 100%; -webkit-text
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                  Category:dropped
                  Size (bytes):621
                  Entropy (8bit):7.673946009263606
                  Encrypted:false
                  SSDEEP:
                  MD5:4761405717E938D7E7400BB15715DB1E
                  SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                  SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                  SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                  Malicious:false
                  Reputation:unknown
                  Preview:..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x*...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E.."....*...x.@..?u......../....8...
                  No static file info