Edit tour

Windows Analysis Report
https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d

Overview

General Information

Sample URL:	https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d
Analysis ID:	1549884

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

AI detected suspicious URL

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1948,i,15196763638105284688,4095709508024351063,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://xou.loz.mybluehost.me/.app/escp/	LLM: Score: 9 Reasons: The brand 'WiZink' is a known financial institution primarily operating in Spain., The legitimate domain for WiZink is 'wizink.es'., The provided URL 'xou.loz.mybluehost.me' does not match the legitimate domain for WiZink., The URL uses a subdomain structure under 'mybluehost.me', which is a hosting provider, not directly associated with WiZink., The presence of input fields for 'Tu usuario' and 'Tu contrasea' suggests an attempt to collect sensitive information, which is common in phishing sites. DOM: 2.2.pages.csv
Source: https://xou.loz.mybluehost.me/.app/escp/targeta.php	LLM: Score: 9 Reasons: The brand 'Wizink' is a known financial institution primarily operating in Spain., The legitimate domain for Wizink is 'wizink.es'., The URL 'xou.loz.mybluehost.me' does not match the legitimate domain for Wizink., The URL uses a subdomain structure under 'mybluehost.me', which is a hosting provider, not directly associated with Wizink., The presence of sensitive input fields like card number, expiration date, and CVV is typical for phishing sites targeting financial information., The use of a hosting provider's domain with unrelated subdomains is a common tactic in phishing attempts. DOM: 6.6.pages.csv

Source: https://xou.loz.mybluehost.me/.app/escp/

HTTP Parser: Number of links: 0

Source: https://xou.loz.mybluehost.me/.app/escp/

HTTP Parser: Title: Acceso online al banco online de WiZink, banco de crdito y ahorro. does not match URL

Source: https://xou.loz.mybluehost.me/.app/escp/	HTTP Parser: Form action: formaxb.php
Source: https://xou.loz.mybluehost.me/.app/escp/	HTTP Parser: Form action: formaxb.php

Source: https://xou.loz.mybluehost.me/.app/escp/

HTTP Parser: <input type="password" .../> found

Source: https://aliceblue-louse-316138.hostingersite.com/wiki.html	HTTP Parser: No favicon
Source: https://humdrum-beryl-minnow.glitch.me/	HTTP Parser: No favicon

Source: https://xou.loz.mybluehost.me/.app/escp/	HTTP Parser: No <meta name="author".. found
Source: https://xou.loz.mybluehost.me/.app/escp/	HTTP Parser: No <meta name="author".. found

Source: https://xou.loz.mybluehost.me/.app/escp/	HTTP Parser: No <meta name="copyright".. found
Source: https://xou.loz.mybluehost.me/.app/escp/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: ohpky5.fj78.fdske.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aliceblue-louse-316138.hostingersite.com
Source: global traffic	DNS traffic detected: DNS query: humdrum-beryl-minnow.glitch.me
Source: global traffic	DNS traffic detected: DNS query: xou.loz.mybluehost.me
Source: global traffic	DNS traffic detected: DNS query: pro.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@20/32@20/180

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1948,i,15196763638105284688,4095709508024351063,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1948,i,15196763638105284688,4095709508024351063,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://xou.loz.mybluehost.me/.app/escp/ciging1.php

LLM: Page contains button: 'CONFIRMACIN' Source: '4.4.pages.csv'

AI detected suspicious URL

Source: Email

JoeBoxAI: AI detected Typosquatting in URL: URL: https://xou.loz.mybluehost.me

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d	2%	Virustotal		Browse
https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdnjs.cloudflare.com	104.17.24.14	true	false	high
d1t477sh1jt4n.cloudfront.net	18.245.86.7	true	false	unknown
humdrum-beryl-minnow.glitch.me	34.237.25.55	true	false	unknown
www.google.com	142.250.185.196	true	false	high
free.cdn.hstgr.net	84.32.84.121	true	false	unknown
xou.loz.mybluehost.me	66.235.200.146	true	true	unknown
ohpky5.fj78.fdske.com	unknown	unknown	false	unknown
aliceblue-louse-316138.hostingersite.com	unknown	unknown	false	unknown
pro.fontawesome.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://aliceblue-louse-316138.hostingersite.com/wiki.html	false	unknown
https://xou.loz.mybluehost.me/.app/escp/ciging1.php	true	unknown
https://xou.loz.mybluehost.me/.app/escp/scoda.php	true	unknown
https://xou.loz.mybluehost.me/.app/escp/targeta.php	true	unknown
https://humdrum-beryl-minnow.glitch.me/	false	unknown
https://xou.loz.mybluehost.me/.app/escp/	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
172.64.147.188	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.206	unknown	United States	15169	GOOGLEUS	false
216.58.212.142	unknown	United States	15169	GOOGLEUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
142.250.181.234	unknown	United States	15169	GOOGLEUS	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
66.235.200.146	xou.loz.mybluehost.me	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
34.237.25.55	humdrum-beryl-minnow.glitch.me	United States	14618	AMAZON-AESUS	false
84.32.84.121	free.cdn.hstgr.net	Lithuania	33922	NTT-LT-ASLT	false
18.245.86.7	d1t477sh1jt4n.cloudfront.net	United States	16509	AMAZON-02US	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1549884
Start date and time:	2024-11-06 07:52:39 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@20/32@20/180

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.206, 74.125.133.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: aliceblue-louse-316138.hostingersite.com
VT rate limit hit for: d1t477sh1jt4n.cloudfront.net
VT rate limit hit for: free.cdn.hstgr.net
VT rate limit hit for: ohpky5.fj78.fdske.com

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: URL: https://ohpky5.fj78.fdske.com
URL: https://xou.loz.mybluehost.me/.app/escp/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Accede a WiZink Online", "prominent_button_name": "REGISTAR AGORA", "text_input_field_labels": [ "Tu usuario", "Tu contrasea" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: URL: https://xou.loz.mybluehost.me
URL: https://xou.loz.mybluehost.me/.app/escp/ Model: claude-3-haiku-20240307	```json { "brands": [ "WiZink" ] }
	```json { "brands": [ "WiZink" ] }
URL: https://xou.loz.mybluehost.me/.app/escp/ Model: gpt-4o	```json{ "legit_domain": "wizink.es", "classification": "known", "reasons": [ "The brand 'WiZink' is a known financial institution primarily operating in Spain.", "The legitimate domain for WiZink is 'wizink.es'.", "The provided URL 'xou.loz.mybluehost.me' does not match the legitimate domain for WiZink.", "The URL uses a subdomain structure under 'mybluehost.me', which is a hosting provider, not directly associated with WiZink.", "The presence of input fields for 'Tu usuario' and 'Tu contrasea' suggests an attempt to collect sensitive information, which is common in phishing sites." ], "riskscore": 9} Google indexed: False
URL: xou.loz.mybluehost.me Brands: WiZink Input Fields: Tu usuario, Tu contrasea
URL: https://xou.loz.mybluehost.me/.app/escp/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Accede a WiZink Online", "prominent_button_name": "REGISTAR AGORA", "text_input_field_labels": [ "Tu usuario", "Tu contrasea" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://xou.loz.mybluehost.me/.app/escp/ciging1.php Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verificacin de tarjeta", "prominent_button_name": "CONFIRMACIN", "text_input_field_labels": [ "VERIFICA TU IDENTIDAD" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://xou.loz.mybluehost.me/.app/escp/ Model: claude-3-haiku-20240307	```json { "brands": [ "WiZink" ] }
	```json { "brands": [ "WiZink" ] }
URL: https://xou.loz.mybluehost.me/.app/escp/ciging1.php Model: claude-3-haiku-20240307	```json { "brands": [ "Wizink" ] }
	```json { "brands": [ "Wizink" ] }
URL: https://xou.loz.mybluehost.me/.app/escp/scoda.php Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Por seguridad, queremos confirmar que res t quien est accediendo.", "prominent_button_name": "SEGUIR", "text_input_field_labels": [ "Cdigo" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://xou.loz.mybluehost.me/.app/escp/scoda.php Model: claude-3-haiku-20240307	```json { "brands": [ "Wizink" ] }
	```json { "brands": [ "Wizink" ] }
URL: https://xou.loz.mybluehost.me/.app/escp/targeta.php Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Hemos detectado una actividad sospechosa en su tarjeta de crdito Activa ya tu tarjeta y comienza a disfrutar de todas tus ventajas. Es solo un momento!!!!!!!!", "prominent_button_name": "ACTIVAR TARJETA", "text_input_field_labels": [ "Nmero de tarjeta", "Fecha de vencimiento de la tarjeta", "CVV" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://xou.loz.mybluehost.me/.app/escp/targeta.php Model: claude-3-haiku-20240307	```json { "brands": [ "Wizink" ] }
	```json { "brands": [ "Wizink" ] }
URL: https://xou.loz.mybluehost.me/.app/escp/targeta.php Model: gpt-4o	```json{ "legit_domain": "wizink.es", "classification": "known", "reasons": [ "The brand 'Wizink' is a known financial institution primarily operating in Spain.", "The legitimate domain for Wizink is 'wizink.es'.", "The URL 'xou.loz.mybluehost.me' does not match the legitimate domain for Wizink.", "The URL uses a subdomain structure under 'mybluehost.me', which is a hosting provider, not directly associated with Wizink.", "The presence of sensitive input fields like card number, expiration date, and CVV is typical for phishing sites targeting financial information.", "The use of a hosting provider's domain with unrelated subdomains is a common tactic in phishing attempts." ], "riskscore": 9} Google indexed: False
URL: xou.loz.mybluehost.me Brands: Wizink Input Fields: Nmero de tarjeta, Fecha de vencimiento de la tarjeta, CVV

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 6 05:53:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9843796003544374
Encrypted:	false
SSDEEP:
MD5:	6CC155FB6E811968134A97BD6C79B110
SHA1:	B0ACCAE5CCDD3C0219BB5B4DFA3B9D70E56FCBDF
SHA-256:	827E6D1DB775AB219A4FB0AF076ADF8580DBDBCC9EE7C7A884D834D94626A8BF
SHA-512:	6E165847DC030B0C43EF7001C2103ECDC01FB5FEB4F8C7833F18040FC2DAD04AB9273F37744BB147AA1DADDBA109FCB2AD459E5061E21C43C457A7BAEC665D13
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....0...0..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IfY.6....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfY.6....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VfY.6....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VfY.6..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VfY.6...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 6 05:53:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9991427293941864
Encrypted:	false
SSDEEP:
MD5:	A1D2708EBB03C37C8EABEF62CDBB336B
SHA1:	FF323788318F7A4D60CB23AD27F529ABF93E5372
SHA-256:	FB3681075138834E868D15CAB879463135B17183B3022828F7FE8B4D24A0FD83
SHA-512:	35E603C72E05A08082A34D444A3E219F31A444BE5A87740D114DA3A628D0C2D1D7060552BA061504FBABD9491CE0C851E2C100EE45B522C980ABF2493FB162C6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Iv..0..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IfY.6....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfY.6....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VfY.6....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VfY.6..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VfY.6...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.0095861852634975
Encrypted:	false
SSDEEP:
MD5:	30E44B459FD05D2A3ACC4CB6603DF247
SHA1:	DDC3A0119206B63A171B660550A6AAFE7BF5AF40
SHA-256:	13BB2264B670B0AB18F9F314EB8630C078D4E14D7B9EBEAEB9D3AC59FAE7276B
SHA-512:	C44E3807CDE29E2942ABD1C4A26409C268D3CBD87A221D7EADA8ADC398E4BCB93BDFD24C89AD7E5B4BD09DFDC504ED9A3EC35A43212ED4C02CC9271EBA292FAF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IfY.6....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfY.6....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VfY.6....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VfY.6..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 6 05:53:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.995021673944392
Encrypted:	false
SSDEEP:
MD5:	27689A31FC50EB2898F0AA5C1B149D09
SHA1:	90727F6288BD3C0AB9F99E9F8DA1F150992BD51D
SHA-256:	1EFBE9AAACDB61BD25E3056CCF81C36D348500947A594544657F978531692DAC
SHA-512:	1982F70C09E8A165D51E9BE1A3CAB31E4A3BF01166DC8442AE14B96BCB12517E5A27ADE4BD297949A18B6B06CA4F4C7824CA7FDCDB9C2F2348F6E92ABA4E4616
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Z.o..0..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IfY.6....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfY.6....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VfY.6....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VfY.6..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VfY.6...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 6 05:53:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9890610710992696
Encrypted:	false
SSDEEP:
MD5:	A35B30CF2F2CA379AFFA5B2CA942738B
SHA1:	6133D4046A3E65A84DD94D61ED423A653183611B
SHA-256:	33013082A153C5DB51621A97099178E2E2133AD064618EBCE67B13A81B03C795
SHA-512:	566E9C93684B4F2C6E005DD054CD52C2E0CE816419C1D3F6EBA85ACA152334C5BB842A98A184C9DC7B4D05A2A2BB9261D988F179599F39B5832D1B5F19894B9C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......\|..0..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IfY.6....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfY.6....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VfY.6....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VfY.6..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VfY.6...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 6 05:53:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9944822607768744
Encrypted:	false
SSDEEP:
MD5:	AB5F96FE2FD6D1BF2DE2DF5AC356EB1A
SHA1:	42495130DA68A435F3FDD9DBD0F466DD2C2BA5D7
SHA-256:	3391238919B1253E148F72ADC64650549D1B390DE356B60137E13B516E8AA7B9
SHA-512:	7F7284AE03CEEFCF0AA0E798875FB73F55C6C869CE34DE8029A218C1369AAA26A93CC23BB7AAB7EA735A6A3DEDAC469292DB3CB0D709B1075803AFD7365E6B39
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......f..0..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IfY.6....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfY.6....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VfY.6....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VfY.6..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VfY.6...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:
MD5:	9D1EAD73E678FA2F51A70A933B0BF017
SHA1:	D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256:	0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512:	935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious:	false
Reputation:	unknown
URL:	https://humdrum-beryl-minnow.glitch.me/favicon.ico
Preview:	Not Found

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	173
Entropy (8bit):	4.8944732802527975
Encrypted:	false
SSDEEP:
MD5:	E72817A3281F425A77D26CD2931AD524
SHA1:	7EF9BA900911AEBBBE266F354FC3E4CDE1008458
SHA-256:	C7DB2403E414369D114B5A6E2FA1297D749B93FED9DC961636FC6DD685213FA0
SHA-512:	230CC5C33EC1E46C70206252BE14960DF415860072E3C00AF5140846CBD19959CCC1F56BB12D4FC0B8E34618B45457896617AD0EEE784B6B111246D624D7BC7F
Malicious:	false
Reputation:	unknown
URL:	https://humdrum-beryl-minnow.glitch.me/
Preview:	<!DOCTYPE html>.<html>.<head>.<title></title>..<meta http-equiv="refresh" content="0; URL=https://xou.loz.mybluehost.me/.app/escp">.</head>..<body>. <p></p>.</body>..</html>

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3466
Entropy (8bit):	5.00614561824589
Encrypted:	false
SSDEEP:
MD5:	D7B6D5C91DEA31CAFB19CA2C513564E4
SHA1:	147201C270BA31075B541F86636371457413ABC6
SHA-256:	D186BDE2E0B2F8263622B3731A3E683E0583601B85AEECE86D2C183CF214BFD2
SHA-512:	4CF0CA08755BBCE24BF692C2883551A25A2B2280348AF61612584AF6AFECEA3904326A6A4C22FE0C8BF303964C86AB82ADE23893C70C21C8347A4674A3682E72
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/targeta.php
Preview:	____ INFORMATION ____ .. .. TELEGRAM : @ghayt_Zone..-->........<!DOCTYPE html>..<html>....<head>.. <meta charset="utf-8">.. <title>Acceso online al banco online de WiZink, banco de cr.dito y ahorro.</title>.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1">.... template css files-->.. <link rel="stylesheet" href="css/bootstrap.css">.. <link rel="stylesheet" href="css/test.css"> .. <link rel="preconnect" href="https://fonts.gstatic.com">.. .... js files-->.. <script src="js/html5shiv.min.js"></script>.. <script src="js/respond.min.js"></script>.... logo site web-->.. <link rel="icon" href="image/fav.png" type="image/x-icon" />.. <link rel="shortcut icon" href="image/fav.png" type="image/x-icon" />.... fontawtsome -->.. <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35d

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1983
Entropy (8bit):	4.911425006858864
Encrypted:	false
SSDEEP:
MD5:	A6CC8A229C1E62602CFD6B9C80E4A5CA
SHA1:	0788C9725A9F5FD17BB79696599E1A49239B38B9
SHA-256:	E20D67DFCBA2EF76A99B006D9EA9CE99F43B4762CAF0CF1CD8A820E32B66A5D1
SHA-512:	18CCBC9D0CDBA22A6706B514B420FF43EFAE2EEB3B093FE78B9EBCD9F3C4A0CA86895A91E678279BEACA0D739E195D59D11345B2940DEF112DDCC1744EC440B9
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/css/test.css
Preview:	.body{.. background:#00C8C6;..}...img{.. position:absolute;.. left: 0;.. top: 30%;..}...img2{.. position: absolute;.. right:0;.. top: 0;..}...body .logo{.. padding-top: 40px;..}...body .form{.. padding: 25px..}...section{.. max-width: 928px;;.. margin:0 auto;.. padding-bottom: 60px;.. position: relative;.. z-index:999;..}...section .form{.. background:#fff;..}...section .form-group input{.. height: 66px;.. padding: 30px 28px 10px;.. font-size: 18px;.. border-radius:0;..}...section .form-group input:focus{.. box-shadow:none;.. border: 1px solid #00c7c5;..}...section h3{.. font-size: 26px;.. color: #00c7c5;.. font-weight:400;.. margin-bottom: 20px;..}...section .form-group label{.. position: absolute;.. z-index: 5;.. top: 32px;.. font-size: 18px;.. font-weight: 400;.. left: 28px;.. color: #6e7586;..}...radio{.. color: #6e7586;..}...bttn button{.. font-size: 18px;.. line-height: 2.5em;.. padding-top: 10px;.. padding-right: 12px;.. padding-bottom: 6px;

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4453)
Category:	dropped
Size (bytes):	4593
Entropy (8bit):	5.55174993784284
Encrypted:	false
SSDEEP:
MD5:	78915BB8B3DD6696D3842D82ED48B104
SHA1:	504CCE482567765D63843D7B9D00C4195109C449
SHA-256:	1944A255577A8ED66AE984C6F6356281FF6F29DC84A2AF6F1FACF258C7DAB62E
SHA-512:	FAE71EBE045CE6A2C190B47BDA2A0DD9F042C659C8225F566A31DDF1872DE61048B99EFCB9D9DFB02860E5304940B30C1DFCFDC00C96424F6E97374738139FCF
Malicious:	false
Reputation:	unknown
Preview:	/! Respond.js v1.4.2: min/max-width media query polyfill. Copyright 2014 Scott Jehl. * Licensed under MIT. * https://j.mp/respondjs */..!function(a){"use strict";a.matchMedia=a.matchMedia\|\|function(a){var b,c=a.documentElement,d=c.firstElementChild\|\|c.firstChild,e=a.createElement("body"),f=a.createElement("div");return f.id="mq-test-1",f.style.cssText="position:absolute;top:-100em",e.style.background="none",e.appendChild(f),function(a){return f.innerHTML='<style media="'+a+'"> #mq-test-1 { width: 42px; }</style>',c.insertBefore(e,d),b=42===f.offsetWidth,c.removeChild(e),{matches:b,media:a}}}(a.document)}(this),function(a){"use strict";function b(){v(!0)}var c={};a.respond=c,c.update=function(){};var d=[],e=function(){var b=!1;try{b=new a.XMLHttpRequest}catch(c){b=new a.ActiveXObject("Microsoft.XMLHTTP")}return function(){return b}}(),f=function(a,b){var c=e();c&&(c.open("GET",a,!0),c.onreadystatechange=function(){4!==c.readyState\|\|200!==c.status&&304!==c.status\|\|b(c.responseTex

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (560)
Category:	downloaded
Size (bytes):	193015
Entropy (8bit):	4.9382166348697645
Encrypted:	false
SSDEEP:
MD5:	052DFC723BBDF659B1528E37B1472301
SHA1:	A06F1B5340A4DCEAA9A8E044D0248AB48FCB7E17
SHA-256:	0C159070E198B7ED2A9162D6C9751F5914FF62803914D8512D60B1F5FFDE4334
SHA-512:	99A22FD4A93D74ECA1883C15EE63799EEE662428DB0371A26003D14988C9BF8300597835B38637AA2C5961E9DDE3B8E67EB371609E2E68E62DDAA62BDD792A97
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/css/bootstrap.css
Preview:	@charset "UTF-8";./!. Bootstrap v5.0.0-beta1 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors. * Copyright 2011-2020 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.:root {. --bs-blue: #0d6efd;. --bs-indigo: #6610f2;. --bs-purple: #6f42c1;. --bs-pink: #d63384;. --bs-red: #dc3545;. --bs-orange: #fd7e14;. --bs-yellow: #ffc107;. --bs-green: #198754;. --bs-teal: #20c997;. --bs-cyan: #0dcaf0;. --bs-white: #fff;. --bs-gray: #6c757d;. --bs-gray-dark: #343a40;. --bs-primary: #0d6efd;. --bs-secondary: #6c757d;. --bs-success: #198754;. --bs-info: #0dcaf0;. --bs-warning: #ffc107;. --bs-danger: #dc3545;. --bs-light: #f8f9fa;. --bs-dark: #212529;. --bs-font-sans-serif: system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", "Liberation Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";. --bs-font-monospace: SFMono-Regular, Menlo, M

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 181 x 101, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3940
Entropy (8bit):	7.892614615421476
Encrypted:	false
SSDEEP:
MD5:	ED99B62F0E0268861159182D6293E975
SHA1:	1374B048E0A63DDC2C56DA68879899BCA664120B
SHA-256:	18F6EC9C3AD421CE13AE5A52E4156FC62BE7ECBF40701A822D3E11A78083D6D0
SHA-512:	C90D559F52AB35C85D0D1384CBE9F57171D454D87C1BD3BEA32684BD3A978CB8C66B6E1692AC0EAF377332DF37E6D8E490C2279768DFCC78C4E259CBA78684E1
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......e......m.....+IDATx.....E...DL%..TB.MM..O..@T..h.x./4.$I.1BQQ...4.D...G4?.P........"y..M..EA.......wv.{..{.{.9......<;;...3.....j..i4..u.MF...2...QO.):...Tx...c........+....Tx....F.tvx..@].<.U.d........3P.-.0C.......M.N.E.......>.........4..Q.2...9...=.y.c.y,....>1.%P..g....e...9....g.uQ"M[..=i...^....h.X.h.5.....:......t...:.n4.LG...u"...oV..h....z..pv..-.>`..'..:..J..u.i....d?p.^C...f.CX.`s ...{..C......?.a....?.{......Lc........d?...-...F.1l..Hff.g.........d?.1zU......v.a1..n.;....#-:..=:.q...P.....p..`'.y5B.:.=<vG0...v.FZ.x...D./.i.X.1x6.+..pqq\y.R................x....6.x...}....u.)..S#..blG.y3..{............N....c#.i.B....i....u.....\{..i.....q....8...@]Grm\..!.QO..k+..%..`.Y.i.F.....k.$.....XF...q.M..4.f.....L..}.?,M....6.k..is/#.`.}..u...P...C..%O\.Wt.Dx......W^..6\|...W.P..Ci;n..p...;..f..........@.`J.q.....o.F\;...H\|c...Q-=.aw....@.`J...?Hy..`O.......iN.t......@.`..H...F.q..Cs....@.`...q...\|.&.3....

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 182 x 347, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1408
Entropy (8bit):	7.378619948094583
Encrypted:	false
SSDEEP:
MD5:	925275CE4481E20A480197664E9164BD
SHA1:	702194CB7C07B3381290A36CACC792C1115049EE
SHA-256:	F823579344088AB273A94B1476D9790669D6939E528A2595F350B2BB726046DA
SHA-512:	F0A18F5FCEDB2724EC833F8C3DDCB70BDE98C9669267FC22657B160B72BC5C51C96C849276C83BD1B7CF9515E107B36058565985FF9052D0A1AB9C5BB8840E08
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/image/point.png
Preview:	.PNG........IHDR.......[.....O......KPLTEf.....f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f..f...N`.....tRNS..........-./0QRSTUabcdfg.if.....IDATx...n.I.DY....2a......!..vY}..9.].oJ.#'.q+.w...................+O....+..7..>.s^i.?......r.}iy.9...Clmy.9?..c.h...$;......-Ou....t]..../...D.I..D.I..D..4......O...........)"&..'.,.N7@H.r..}.2.U.A..D.I..D.I..hmD...R.........!..+mH...J.R,..`.>D..[..n..>D......!?.U.M..D.I..D.I.....IY..T.!.CU.2.U.!.IU.RDL...O&Y..n.....}..d....h;...h;y.~.%.vrJ.v....m.3........A.....\|....j.........o..\..W....M......../v-..$....bK.c7..k.....-..hw.G.p...$;....G.qp.\|.q...=,.~.\9....K..o...R..m'.v.m'.v.m'..k.'.\|A...I%.}..o.F.'...].UD.......?.~.D.'...aY...'..p'.m'[./.L..s.h;...h;...UT^j3^TQy......+m..U^iC^TQy..y.C.......-.N7@...p..E.....&.N..$.N..$.N.......O...........)"&..'.,.N7@H.r..}.2.U.A..D.I..D.I..hmD...R.........!..+mH...J.R,..`.>D..[..n..>D......!?.U.M..D.I..D.I.....IY..T.!.C

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.558694969562842
Encrypted:	false
SSDEEP:
MD5:	ED5A473B4A57A1269DDFA5EF090B135A
SHA1:	86C46422153E762847582BB13405D8BD7AB7DF7B
SHA-256:	D73ADC4CADE2BB708CC803A74CCF09F8F9D39C5B53523A9663965A08E3518121
SHA-512:	7CA899A1B9FD0EC5A79FADF60297DF1D90B0AB57BE3E0F63038E35BE40D71CF2B9D4DFF6DA6A8B1BDB562072B791A77B769DDC68CC4F1864AC9F91B97A2E7037
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHglSNjbBF3d75hIFDaOKs4QSBQ3NRZMrEgUNCL5bpw==?alt=proto
Preview:	ChsKBw2jirOEGgAKBw3NRZMrGgAKBw0IvlunGgA=

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 512 x 512, 16-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	17736
Entropy (8bit):	7.347204146474664
Encrypted:	false
SSDEEP:
MD5:	2B7CACA0D781A9442951EED2B3F63783
SHA1:	D851F5C7477E263487A647B2DC4E0A17424DEE2E
SHA-256:	EE0FB5FC4BD37866E88A650741A6C10D87B5A6DBA661424A97EAE692F8D824DB
SHA-512:	ABF5D933C7637DB01C396BFA7361469441C5D0D5C88509B03B5546BAE1931B1A690066779CB3198E70BD0F52A82CEF6CDEE39427C1D648B56A680A4A60856629
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/image/sms.png
Preview:	.PNG........IHDR.....................gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...`...`..kB.....tIME.......]O.`..D7IDATx...y\|......w...@..4x`.(hQ..n..V..Q@.j+..UA ....\...Vl......(........Z1...).#.~..@..r$!.w6.z.....=_...~f...i...No.@...G.7....7-ZH...f.$;.6n.L.&...$3.vML..efdb.d>.../..twb....1!..V..b.L.Z\,...dQ.d/3.l.,...".63..$...['.....+%....+...M].\.j<.r...6u.M.7...T..:..EzEz5j$...;/.X.2=;u...f\q..d.m..uJ...83p.:I..y.$..C.gK.q..;.H)...f......(..Xx...K.TSx.M.}.pM....7w......P.>.L2].S.J..../..X..u8...c>,..I.O..j;.....G...&I.tkZ..t............._..D.`.D)T...;.....3....F.O.?..O....y......\....z3.L.].$........5\|...:muA..t...I5,..6l.>[.\.a..I...~.d.Q.V-......7+T........`.`..?w.........6..P..T.yS..C......I.U...:...8...j.nI...q..v=...RG..l..:....I......^+.y..3.H.e'.y..T...x..j.v....x..)mHz..^r..... .......:..i...d<...d;..+]......L...#.........._......u.$.km.W^.T.....N.....D.q..vv.~%.{g,}.m....%...~l..

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8392)
Category:	dropped
Size (bytes):	8459
Entropy (8bit):	5.280311672269761
Encrypted:	false
SSDEEP:
MD5:	AE3F52C2166F5C09F5F3CEEDA2C15F01
SHA1:	7D5B0613EE02BC0F39F546443F338C806634C5F6
SHA-256:	6C4BA1C662B440B3AEFE5E5147EA2DF72F80E510E4979C65485A7B0FFF894E37
SHA-512:	BC1BB9778873B56729BCA9A9FAA512F1A7EF5943234DDE7D67B722D23E989CABBCDF2CBA5E1FD5C6D819A88B5E20568ADE03180E6D009CEA77A44178CFA69F33
Malicious:	false
Reputation:	unknown
Preview:	(function(){var t,e,n,r,a,i,o,l,u,s,c,h,p,f,g,v,d,m,y,C,T,w,$,D,S=[].slice,k=[].indexOf\|\|function(t){for(var e=0,n=this.length;e<n;e++)if(e in this&&this[e]===t)return e;return-1};t=window.jQuery\|\|window.Zepto\|\|window.$,t.payment={},t.payment.fn={},t.fn.payment=function(){var e,n;return n=arguments[0],e=2<=arguments.length?S.call(arguments,1):[],t.payment.fn[n].apply(this,e)},a=/(\d{1,4})/g,t.payment.cards=r=[{type:"maestro",patterns:[5018,502,503,506,56,58,639,6220,67],format:a,length:[12,13,14,15,16,17,18,19],cvcLength:[3],luhn:!0},{type:"forbrugsforeningen",patterns:[600],format:a,length:[16],cvcLength:[3],luhn:!0},{type:"dankort",patterns:[5019],format:a,length:[16],cvcLength:[3],luhn:!0},{type:"visa",patterns:[4],format:a,length:[13,16],cvcLength:[3],luhn:!0},{type:"mastercard",patterns:[51,52,53,54,55,22,23,24,25,26,27],format:a,length:[16],cvcLength:[3],luhn:!0},{type:"amex",patterns:[34,37],format:/(\d{1,4})(\d{1,6})?(\d{1,5})?/,length:[15],cvcLength:[3,4],luhn:!0},{type:"diner

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 123004, version 330.15728
Category:	downloaded
Size (bytes):	97549
Entropy (8bit):	7.997549621796126
Encrypted:	true
SSDEEP:
MD5:	059B1F6429236E59316D0B994817EEE8
SHA1:	7FBA0A3D42DE2D442A2FDAA7A9DD13D3CBA5C045
SHA-256:	71018F8C6060EE1084896F97DC341C67511765D7268A5EBC55EFE270B6F49F5F
SHA-512:	1307DFCDF17DF85B071C36286579C6FC0A09A6F3C99CE51387C40ADCA148A88412B380995E4D256C264EA1AA5207432AD3B5CF8019C5BA57958C26910A174007
Malicious:	false
Reputation:	unknown
URL:	https://pro.fontawesome.com/releases/v5.10.0/webfonts/fa-solid-900.woff2
Preview:	wOF2.......\|......+....".J=p....................?FFTM....`........`.._.6.$..J..P.. ......a[......N$.N@a.j./.....Rw]......B.;P..U.......1..M..9.Id;..n.-O.u.{5-F.Zv..^...M..Iz5H]"_.A.^.-`Rkm..N..Jk...zQ....K\|...r.............}_..p..-L.^..w:..VQ.9.B!....t>.....B.....h..........~MWy......v3.0.r.......T..C.G.......Y.we.Lr6Y..'1.2l...F.1.`.!.. ..':HB.B.>..:...}..........9K...l.l..:.........ws.OXYJ)..sq..-...A._.i9.....y...c..Z....vHB6`.u.9g...VwW.A......U......>.".H5.@..[..N...<.........i.x.ol.-..%J.Dh$B1.v....(cVF.E%....O.D.P..:.9R.,C....B.a.lT.......u.u..c0.=.uM..F.Fm. .0..@....._....z1....../...............Z.A.........C..@...I..KC...vsU.p].K...#..8/4.&hs.t&u.g.pzB:.X!I?.\4.Vn.`k..+.......F.R..........Q...............9.s........F.b..2....&3...6.l...n..%!I[....J.eSI.._f.W..D>$.`.. ..(.bII...].....eYos..m..\':.....r\|...........x.y.50....^.-..?kZ/]...L.v.....v.g...v\..oK.....-.....%..t..%...%..B.#!a...#(.....X.&2BD,..p&(Jp...hp,...D.j..Vj....

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2639)
Category:	dropped
Size (bytes):	2730
Entropy (8bit):	5.257162608502389
Encrypted:	false
SSDEEP:
MD5:	40BD440D29B3A9371B0C63FEC41EE64F
SHA1:	E790C26449C57DE298923C686CB3434D1D461A1D
SHA-256:	DC9CBF19B48BAE0D28F72E59E67D6EC34AB1644087EC2E8E42954180D1586B48
SHA-512:	50326D2577F37EC88F3E09C8E52D74D3414F2C11CC86FCC0317D7923EA86D84D8E0330BD3F527353024E7E7CA95E2387ECC44F6AACE13DB0460CD363EF305FA0
Malicious:	false
Reputation:	unknown
Preview:	/*. @preserve HTML5 Shiv 3.7.3 \| @afarkas @jdalton @jon_neal @rem \| MIT/GPL2 Licensed.*/.!function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]\|\|a.documentElement;return c.innerHTML="x<style>"+b+"</style>",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=t.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c+" "+a,j(b)}function f(a){var b=s[a[q]];return b\|\|(b={},r++,a[q]=r,s[r]=b),b}function g(a,c,d){if(c\|\|(c=b),l)return c.createElement(a);d\|\|(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.canHaveChildren\|\|o.test(a)\|\|e.tagUrn?e:d.frag.appendChild(e)}function h(a,c){if(a\|\|(a=b),l)return a.createDocumentFragment();c=c\|\|f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g++)e.createElement(h[g]);return e}function i(a,b){b.cache\|\|(b.cache={

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 21 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	6.224532095110835
Encrypted:	false
SSDEEP:
MD5:	76BA2BCC97FF7A296DBB8DF37B13E066
SHA1:	94886EC9E997793A9684B43E59018210C4A2570E
SHA-256:	B9216D3A771C4454C42AA776D918FE7C2FCF29FF2C8F6838C8E5FF4A9F49753F
SHA-512:	01D44D0580052F09FA82F8860B88899E783A9583FA1BE36DD2BBAF73FAC182EDABBFA1C080890F74AA7333C12C0E592CAAF2C6E26981F408D19F1CD64CFE4940
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR............./..8....sRGB........dIDATHKc........Q...c`... ..;/..{.3....j......r.=C.P.oQ....5t4L...(7.&)...!..(.;T3...a ....Q0C..2..0V.....IEND.B`.

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	572
Entropy (8bit):	7.178099441357412
Encrypted:	false
SSDEEP:
MD5:	5BF55D21DB7CA61C97E713E021D7EE1E
SHA1:	D144674D533E10A3194C21C5BCD58CEB6B79579F
SHA-256:	15DA46EF42595D2027636E62D2DD0B621190A03F2A99D4F035DBB5A3617D956E
SHA-512:	5ECE099858C077A087000440A69F897E74BB9B632311A0FBBE791F93A5B0F03A6F9081C8AE466E940BE3C993EC3F5C3A288149168ACFA9121D43D8A976C41C79
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/image/fav.png
Preview:	.PNG........IHDR.............(-.S...2PLTE.......................6..;..A..B..L..O..Q............................................^.....\....%g.......,k....2o.3o".."..$..&..)....3..7..:..@..BM.H..N..h..is.i..i..kw.n..n..ow.v..x..........................................................................................................u!......tRNS.............IDAT..c``daccc.bf& ........j......lA.f...v.R.I@>..[..v...A..eT.D\W.HZO4.&.'&d.'%....H..pI..3O...Z..zh9...... ..KF...I ..W.'.I 5..;.Y...5.Y..."51.I@.]M..........:<.....0..d.=xP.E.....IEND.B`.

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 179 x 101, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3113
Entropy (8bit):	7.8666445417793245
Encrypted:	false
SSDEEP:
MD5:	BDE4A93EDDC083A5A6E0C367C66AFB31
SHA1:	C8E4F00FCC918140E2F8D2D820968DAC6C88D82B
SHA-256:	F7D3FB2D84C7ED9C22028BF1C9813D7B3AF79C805B3F51202BB272F0A208929F
SHA-512:	B72AB1E4B37BF317C7896AC8550A5E8C6414A8979CA6B732537CFED107990027996A3AEDF31EC323C82EB1CE705908E7B5081D6C451B8E9D7A3D5AD7B007DDAA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......e......s......IDATx.....E......,...".......T.WcDHQ^.j........x......Q..49..H..#..I..`Hj.1/..(.\|E..Q8.....9O.cnnf.;.{......I..yv.y>.;;;....:P.....%x^..q.M.%z...i....lP\!xE0m.....'.d.`U...Y...[.Ap.Gd.Z.....m..@.....&.h.....;Y.j.[.A.[P.....[0.au..>....1W.m..Q..@.#.3Y.jS....}S..\|.^?........u.x.S.ZU>vB.\|2_...p.t.............~.R.4./-e.."....x.... ........#...IB..w.....p.`.`\.U.;.2....&..>.6....]...b~...H@<+..........8U..(.Q...w...[,..x> .s...!6."+..b..<...e.^tY..d. .}.2.....l.:v6.rk{....N.._fb7 ....N...(3]..{=.g......!....I_.$.!.t..EV\.....e.n..'.....(zZ.t.f.y.J...J.l?.<....H.k..]5.\|....^......3..C.......qH.%.....?..~.ef...$.5E..).AKLt......%.....:+s..Xe.}?P...Y.!..q ..4.l.....#.m........dF....'..f...F\dv.c,3..x.....St..9%)"...HSr..0/.Nd.....^@..,..(...#......NzDf.............O.eW.4.p.S......~%...dF..t...t....:..n...t..CD...z.dQ..#.rc...>..2..i. .b>..i>.DG.....[..2..i...@8.Z._...q.2.9>...).U...O...x}....+.p/.w.k.<'h

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2668
Entropy (8bit):	5.045916101514605
Encrypted:	false
SSDEEP:
MD5:	D09CE75868FE70469361F6883CE55FC9
SHA1:	3CDE30E9AEA2A6E86B618F40F1DA6641ED306068
SHA-256:	3724FF42FAA90A64C04826780CD81D6AB6705397D1C06CEEA130ACF41EB4E910
SHA-512:	86AB5C23AB982CB18BCE8582EF852E320DE5B700FCD889EF73611A9E079573C608C992569BCA7C36DA4EE38E8B18321306F1E586071673B408CD99E9265E4784
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/scoda.php
Preview:	____ INFORMATION ____ .. .. TELEGRAM : @ghayt_Zone..-->..........<!DOCTYPE html>..<html>....<head>.. <meta charset="utf-8">.. <title>Acceso online al banco online de WiZink, banco de cr.dito y ahorro.</title>.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1">.... template css files-->.. <link rel="stylesheet" href="css/bootstrap.css">.. <link rel="stylesheet" href="css/test.css"> .. <link rel="preconnect" href="https://fonts.gstatic.com">.. .... js files-->.. <script src="js/html5shiv.min.js"></script>.. <script src="js/respond.min.js"></script>.... logo site web-->.. <link rel="icon" href="image/fav.png" type="image/x-icon" />.. <link rel="shortcut icon" href="image/fav.png" type="image/x-icon" />.... fontawtsome -->.. <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w3

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	23176
Entropy (8bit):	4.098112352167415
Encrypted:	false
SSDEEP:
MD5:	24992F1ED62BAF9393609F3C6C2AD20E
SHA1:	34716CF70F7F7A9CD072E7796C34CE987F85D18C
SHA-256:	A199620FE981DF00A825F78761D3F7C8870F8117DAA4A890E08018DEC386DAE8
SHA-512:	DD181BFFF8972676CDCD068A59EED0E61BDD04214C4F49216FC783B8B58AB8414EB0D06C1BE03F71F982502000F848D4C0EBC455EB78BCE2737DFF39C5F1CD91
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/js/jquery.mask.js
Preview:	/*. jquery.mask.js. * @version: v1.14.16. * @author: Igor Escobar. . Created by Igor Escobar on 2012-03-10. Please report any bug at github.com/igorescobar/jQuery-Mask-Plugin. . Copyright (c) 2012 Igor Escobar http://igorescobar.com. . The MIT License (http://www.opensource.org/licenses/mit-license.php). . Permission is hereby granted, free of charge, to any person. * obtaining a copy of this software and associated documentation. * files (the "Software"), to deal in the Software without. * restriction, including without limitation the rights to use,. * copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the. * Software is furnished to do so, subject to the following. * conditions:. . The above copyright notice and this permission notice shall be. * included in all copies or substantial portions of the Software.. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. * EXPRESS OR IMP

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	173
Entropy (8bit):	4.914716270384309
Encrypted:	false
SSDEEP:
MD5:	0625C8E7ED75B61EA0AB277DC2DC81C1
SHA1:	42BA4576675CB5678443132F0581B7CC9841F00D
SHA-256:	562BF7E115F02B1A8B6E166ECF4136855072FF892E034F9E875DAD7079D8E391
SHA-512:	3C7496D8983FBB4BC7B1F00147B262F7997DF1FC9C3F4F148ADE566848D1CC323C2303935F5CA61ADF826ADD20F424C0F8DC91C139263A5E78585FA31CC5C738
Malicious:	false
Reputation:	unknown
URL:	https://aliceblue-louse-316138.hostingersite.com/wiki.html
Preview:	<!DOCTYPE html>.<html>.<head>.<title></title>..<meta http-equiv="refresh" content="0; URL=https://humdrum-beryl-minnow.glitch.me/">.</head>..<body>. <p></p>.</body>..</html>

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	F3DA317C0D0E868CD3208435D2C5CE59
SHA1:	4860C84C6B1875C904A6E862A57F2D345F555823
SHA-256:	2B7C5AAA2E8E715BCEFD25782355D9BBBFE18CFC0D4E0CEBE563D816C9A7F29B
SHA-512:	BC372E50266496ADB22F6790097920C66C5F582C9E9F12E4DA9EA5A99DC9C1C3FB096A409EED2E348EAA43BFBE4222BDED54861ED77DAB256449A6EFAF0D61DD
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmXGzm66zk14BIFDWjTy3k=?alt=proto
Preview:	CgkKBw1o08t5GgA=

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (62126)
Category:	dropped
Size (bytes):	62411
Entropy (8bit):	5.148593032119891
Encrypted:	false
SSDEEP:
MD5:	CABC5D07DEC4C381F521BBCD41C009DB
SHA1:	CA329D086682A4D75B5528D326A66A6D3FFFAB13
SHA-256:	2909D4FA86CF09191E768576E1A6EAB7F2635A2627549C45D29595FFAC9C0DA9
SHA-512:	66F6E36C99F2B57F526B4DFF01C6CFFE787D2BDE6D6ABE11D080314D2DA08760A18889DE7EBD6BEC4A675429694D650437B55AAEF12C1F7AAEBE463587474016
Malicious:	false
Reputation:	unknown
Preview:	/!. Bootstrap v5.0.0-beta1 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e(require("@popperjs/core")):"function"==typeof define&&define.amd?define(["@popperjs/core"],e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e(t.Popper)}(this,(function(t){"use strict";function e(t){if(t&&t.__esModule)return t;var e=Object.create(null);return t&&Object.keys(t).forEach((function(n){if("default"!==n){var i=Object.getOwnPropertyDescriptor(t,n);Object.defineProperty(e,n,i.get?i:{enumerable:!0,get:function(){return t[n]}})}})),e.default=t,Object.freeze(e)}var n=e(t);function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}functi

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/js/jquery-3.5.1.min.js
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 164092, version 330.15728
Category:	downloaded
Size (bytes):	164092
Entropy (8bit):	7.997408832935425
Encrypted:	true
SSDEEP:
MD5:	06972B05348B8759D0AA647774D6B535
SHA1:	ED48B1B5D9B7FDEB5969F75E73C39C579594B3FF
SHA-256:	5988628ABF66A81BF05A766E5E40849A231BFB746F38D7B34634EC3523F9EA5E
SHA-512:	4E4FBB38F359BCE74306A8A8BAD0F14476A680D7F8BDAF98345B9DEC151C236EB9CE6C6F1C613999E6528CD532D9D5D4AA5962E47A52DCC8856C6BC9ADE3C0D1
Malicious:	false
Reputation:	unknown
URL:	https://pro.fontawesome.com/releases/v5.10.0/webfonts/fa-solid-900.woff
Preview:	wOFF..............+..J=p....................FFTM...0.........).iGDEF...L.........*.yOS/2...l...O...`C...cmap............".(.gasp................glyf......4\...lg+..head..:(...6...6....hhea..:`...!...$.D..hmtx..:..........m.]loca..@..........z[,maxp..Q0....... ...Sname..QP........h9Ntpost..S`..-...T.J............`)l.....d.......d.....................r............x.c`abdna`e``.aLc``p.._.$.Z....X..`.Q.....\S..>0...x....=.3.!.@5`.V.K....#.)....x....O.e.....1....D..cJn...<T.g3m.p..H..^...<....S(.,5@2.57...C.hDd.gS.8x$`.u..w?....#.E.@.........>.v;....?)N..N.0.."=&6.8.<..;y.E...L..1J.TJ..(..i>.C..c....6...N;....r..f:Cm.N..\..D.N..N.4...x...t..<...r^..x.o./y'.s9Wp...Fn........a..$ .(..<#.e.d.<Y,.$O6J.l..KJd.\|'5rH.H...f9'..'..q....t....<....Uz.^.7.B].K...J..'t.n..3.M...W.v._n..s.n.;.}....q.]&.l1.f.)3.M..5..i6d<s../.K..zE^...w.k...i..]fW.O.:...l..........`.lgh\|(=T..;.9.C....GD.GQ..HY.}.......P!m......:N..o.I7.(..+...H..cy"?..<..8.s..^..A."...W.A>.M..Vn.n.>$.....!.d.L..yE

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.0661089398374815
Encrypted:	false
SSDEEP:
MD5:	402DA42208A2BBDD4F889EEC0B1B3612
SHA1:	2842FFBC01743E832FA00903BAC70C03C16DF446
SHA-256:	F33B5FC1D93F9334D7B4296FADD2D904FE43A8B6008CC08B8F3F26DB465D827A
SHA-512:	B96873EB5C324AAAC5C1E16E8F27BE68CAB57A310E6E31B44E9B17A82E3FCD41CAE789E3DBE4B963777CDB666B736B1DEDBD0215450DF2E4216CE82033CEB299
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkB_k9P8AC0WRIFDQiEZ_ESBQ3OQUx6?alt=proto
Preview:	ChIKBw0IhGfxGgAKBw3OQUx6GgA=

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65393)
Category:	downloaded
Size (bytes):	156228
Entropy (8bit):	4.7111706245877825
Encrypted:	false
SSDEEP:
MD5:	AA1272633E7E552395D147A499BAD186
SHA1:	DDBCCB0011DD4868A013B1DCBDB836B7213EB41D
SHA-256:	2AF905D92CFD34B5413126A54F639DA408166CBBCB54318E413AD5E10B5BF6EC
SHA-512:	886DDFC7252269B42B0ADFD5F4E47DA0CD6CCB9B0B3EA18C015B1E4EDB1EB1F55CF49728FDCDD151949256851C72CC555CD7F6408A5638595F26D0CAF86FFBDC
Malicious:	false
Reputation:	unknown
URL:	https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Preview:	/!. Font Awesome Pro 5.10.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license (Commercial License). */..fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:rig

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4260
Entropy (8bit):	5.143532162055951
Encrypted:	false
SSDEEP:
MD5:	E0BF53BB825CB47C9348D5AC3796DB74
SHA1:	9F33737ECEAF03BD4DD4676C789647F4EE07F140
SHA-256:	AC40CAE7BB7C815488BC031E1133B9A0D05220F499C0D8B1E6FB109B99A37898
SHA-512:	7090CF568C5BFA6138A6FA61D411B192236A81091E8EA0EB7D206727319576AFB2174956ADAD3EF1B612261DB451BE1EE57C2CA542DA91200C420A6A8089FCC4
Malicious:	false
Reputation:	unknown
URL:	https://xou.loz.mybluehost.me/.app/escp/ciging1.php
Preview:	<!DOCTYPE html>..<html>....<head>.. <meta charset="utf-8">.. <title>Acceso online al banco online de WiZink, banco de cr.dito y ahorro.</title>.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1">.... template css files-->.. <link rel="stylesheet" href="css/bootstrap.css">.. <link rel="stylesheet" href="css/test.css"> .. <link rel="preconnect" href="https://fonts.gstatic.com">.. .... js files-->.. <script src="js/html5shiv.min.js"></script>.. <script src="js/respond.min.js"></script>.... logo site web-->.. <link rel="icon" href="image/fav.png" type="image/x-icon" />.. <link rel="shortcut icon" href="image/fav.png" type="image/x-icon" />.... fontawtsome -->.. <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/>.. <styl

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://ohpky5.fj78.fdske.com/e/c/01jbx9w45rt8n7dv9hga5bx34b/01jbx9w45rt8n7dv9hgd1yw31d