Edit tour
Windows
Analysis Report
Portfolio Review _2024.html
Overview
General Information
| Sample name: | Portfolio Review _2024.html |
| Analysis ID: | 1557972 |
| MD5: | 345e77908be5f5743e6edcafafb0cca1 |
| SHA1: | 753e38cdc04cab3022e3a49bf42358d832098cf5 |
| SHA256: | c056493c081c10f337b154426ecd66c78e6a29a27e36cd07a925a9cb53d2c236 |
| Infos: | |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
HTML file submission requesting Cloudflare captcha challenge
Detected javascript redirector / loader
Detected hidden input values containing email addresses (often used in phishing pages)
Detected non-DNS traffic on DNS port
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Classification
- System is w10x64_ra
chrome.exe (PID: 4244 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t C:\Users \user\Desk top\Portfo lio Review _2024.htm l MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6860 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2180 --fi eld-trial- handle=198 0,i,147267 3806327874 1117,49529 0179614973 699,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
Phishing | |
|---|
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Memory has grown: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Window detected: | ||
Data Obfuscation | |
|---|
| Source: | HTTP Parser: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 11% | ReversingLabs | Document-HTML.Trojan.Redirector |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| alternative-magic.com | 69.49.245.172 | true | false | unknown | |
| CDG-efz.ms-acdc.office.com | 52.97.233.98 | true | false | high | |
| sni1gl.wpc.alphacdn.net | 152.199.21.175 | true | false | high | |
| ky.gurativez.ru | 188.114.97.3 | true | true | unknown | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | high | |
| ooc-g2.tm-4.office.com | 40.99.150.34 | true | false | high | |
| code.jquery.com | 151.101.66.137 | true | false | high | |
| cdnjs.cloudflare.com | 104.17.25.14 | true | false | high | |
| challenges.cloudflare.com | 104.18.95.41 | true | false | high | |
| sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | high | |
| www.google.com | 172.217.18.4 | true | false | high | |
| ek3vzkjswtfz9qsulyl8dfg2k0vzr6roduverwk2jiyjrxfornrcjhcy.puabgqj.ru | 188.114.97.3 | true | false | unknown | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| js.monitor.azure.com | unknown | unknown | false | high | |
| www.office.com | unknown | unknown | false | high | |
| outlook.office.com | unknown | unknown | false | high | |
| aadcdn.msftauth.net | unknown | unknown | false | high | |
| substrate.office.com | unknown | unknown | false | high | |
| logincdn.msftauth.net | unknown | unknown | false | high | |
| m365cdn.nel.measure.office.net | unknown | unknown | false | high | |
| mem.gfx.ms | unknown | unknown | false | high | |
| dc.services.visualstudio.com | unknown | unknown | false | high | |
| login.microsoftonline.com | unknown | unknown | false | high | |
| portal.office.com | unknown | unknown | false | high | |
| acctcdn.msftauth.net | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| true |
| unknown | |
| true | unknown | ||
| false |
| unknown | |
| false | unknown | ||
| true |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 13.107.6.156 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 152.199.19.161 | unknown | United States | 15133 | EDGECASTUS | false | |
| 23.38.98.102 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
| 13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 23.38.98.104 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
| 104.18.94.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
| 13.69.109.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 40.126.31.71 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 40.126.32.76 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 20.190.159.68 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 20.190.159.23 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 151.101.66.137 | code.jquery.com | United States | 54113 | FASTLYUS | false | |
| 142.250.184.227 | unknown | United States | 15169 | GOOGLEUS | false | |
| 2.19.97.194 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
| 142.250.186.138 | unknown | United States | 15169 | GOOGLEUS | false | |
| 104.17.24.14 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
| 157.58.197.16 | unknown | United States | 3598 | MICROSOFT-CORP-ASUS | false | |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
| 69.49.245.172 | alternative-magic.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false | |
| 172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.110 | unknown | United States | 15169 | GOOGLEUS | false | |
| 104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
| 20.42.65.94 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 20.50.88.235 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 216.58.206.42 | unknown | United States | 15169 | GOOGLEUS | false | |
| 151.101.2.137 | unknown | United States | 54113 | FASTLYUS | false | |
| 142.250.181.227 | unknown | United States | 15169 | GOOGLEUS | false | |
| 167.220.71.70 | unknown | United States | 3598 | MICROSOFT-CORP-ASUS | false | |
| 88.221.169.152 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
| 2.19.126.153 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
| 20.31.161.73 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
| 188.114.97.3 | ky.gurativez.ru | European Union | 13335 | CLOUDFLARENETUS | true | |
| 172.217.18.106 | unknown | United States | 15169 | GOOGLEUS | false | |
| 20.190.159.0 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 188.114.96.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false | |
| 152.199.21.175 | sni1gl.wpc.alphacdn.net | United States | 15133 | EDGECASTUS | false | |
| 142.250.186.142 | unknown | United States | 15169 | GOOGLEUS | false | |
| 64.233.184.84 | unknown | United States | 15169 | GOOGLEUS | false | |
| 104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
| 2.19.97.184 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
| 40.126.32.138 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| IP |
|---|
| 192.168.2.16 |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1557972 |
| Start date and time: | 2024-11-18 19:48:54 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 13 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | stream |
| Analysis stop reason: | Timeout |
| Sample name: | Portfolio Review _2024.html |
| Detection: | MAL |
| Classification: | mal60.phis.evad.winHTML@22/6@66/338 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 142.250.181.227, 142.250.185.110, 64.233.184.84, 34.104.35.123
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Portfolio Review _2024.html
| Input | Output |
|---|---|
| URL: :// Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: :// | |
| URL: http://ky.gurativez.ru/hH7_CLfW8B06uDZbFmAiLw/#D#M[[-Email-]] Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Conducting verification on your browser to ensure safety.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: http://ky.gurativez.ru Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: http://ky.gurativez.ru | |
| URL: http://ky.gurativez.ru/hH7_CLfW8B06uDZbFmAiLw/#D#M[[-Email-]] Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Conducting verification on your browser to ensure safety.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: http://ky.gurativez.ru/hH7_CLfW8B06uDZbFmAiLw/#D#M[[-Email-]] Model: Joe Sandbox AI | ```json
{
"brands": []
}
```
The provided image does not contain any visible brands or logos. The image only shows a message stating "Conducting verification on your browser to ensure safety." There are no brand names or logos visible in the header, footer, or any other part of the page. |
| |
| URL: http://ky.gurativez.ru/hH7_CLfW8B06uDZbFmAiLw/#D#M[[-Email-]] Model: Joe Sandbox AI | ```json
{
"brands": [
"Cloudflare"
]
} |
| |
| URL: http://ky.gurativez.ru/hH7_CLfW8B06uDZbFmAiLw/#D#M[[-Email-]] Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Conducting verification on your browser to ensure safety.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: http://ky.gurativez.ru/hH7_CLfW8B06uDZbFmAiLw/#D#M[[-Email-]] Model: Joe Sandbox AI | ```json
{
"brands": [
"Cloudflare"
]
} |
| |
| URL: https://www.office.com/ Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Welcome to Microsoft 365",
"prominent_button_name": "Sign in",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://www.office.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://www.office.com | |
| URL: https://www.office.com/ Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft",
"Microsoft 365"
]
} |
| |
| URL: https://www.office.com/ Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://www.office.com/ Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft",
"Microsoft 365"
]
} |
| |
| URL: https://login.microsoftonline.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://login.microsoftonline.com | |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Trying to sign you in",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | ```json
{
"brands": []
}
```
The provided image does not contain any visible brand logos or identifiable brands. The image shows a simple login screen with the text "Trying to sign you in" and a "Cancel" button, but no brand names or logos are present. |
| |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"billig@microsoft.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Taking you to your organization's sign-in page",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Sign in with PIN or smartcard",
"prominent_button_name": "Sign in with PIN or smartcard",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://msft.sts.microsoft.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://msft.sts.microsoft.com | |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'msft' and 'sts' as subdomains is consistent with Microsoft's naming conventions for services and authentication.", "No suspicious elements such as misspellings or unusual domain extensions are present in the URL." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: Password | |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "bill@microsoft.com",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Incorrect user ID or password. Type the correct user ID and password, and try again.",
"prominent_button_name": "Sign in with PIN or smartcard",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"contains_trigger_text": true,
"trigger_text": "Incorrect user ID or password. Type the correct user ID and password, and try again.",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"bill@microsoft.com",
"....."
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'msft' is a common abbreviation for Microsoft and is not suspicious in this context.", "The domain structure does not contain any suspicious elements such as misspellings or unusual domain extensions.", "The input field uses a Microsoft email address, which aligns with the brand and domain." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: bill@microsoft.com, ..... | |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'sts' in the subdomain is common for security token services, which is consistent with Microsoft's services.", "No suspicious elements such as misspellings or unusual domain extensions are present in the URL." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: Password | |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=7d2bbe00-9fcb-439e-b109-067a1e3220d2&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhdI7rNtkFAfwOLk39yGgV21VtQvKgAQCktif48 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'sts' in the subdomain is common for security token services, which is consistent with Microsoft's services.", "No suspicious elements such as misspellings or unusual domain extensions are present in the URL." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: Password |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2673 |
| Entropy (8bit): | 3.9800041368158277 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 650E9D5EECAD5E70F7E777C9EB876DBC |
| SHA1: | 93A9C358EBACE6D9AA8C3834BF471F97CB4B5E65 |
| SHA-256: | 767635FB78DFDDD84F48C2B6B1C1C8BD59A7D97E0E9DFA72BFBEAD73898A0B50 |
| SHA-512: | 0492DE564D83E4F9736339166F3ED37CEDF0142C491C8E7ACAD86D6242F80FC8957BCDF236D832B0CC1E077A7E5097229B39DDE781BCDAF758AEDCF125FB24FA |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2675 |
| Entropy (8bit): | 3.9983427773297398 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C26D773614CDEC55E059AFB87507AB0D |
| SHA1: | 1769FC5E8F2ACAF36EE5D318C9E8798576E45482 |
| SHA-256: | 139FC678D57650AEDF92283FF4CEDB1EEE896B700C7DD201466B6C4CA724D0DB |
| SHA-512: | EA8051E4B61C307016ED2DED5AB9A28447D35140161F2C1AC26B455B254F1B2CF13057F80922E3293E2BEA113ACFD381C9BF2373DDE4C383DE290C1F2EFB256B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2689 |
| Entropy (8bit): | 4.005321503018393 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D0ED95E18050BADADE8E74E5259252D8 |
| SHA1: | 1059F213258BEC67748C4F6631A9B7CB6908F827 |
| SHA-256: | 383F672FADF03CB5A405C1AAAD6C7374662D79EF3BF97F6D73B158E16E209B66 |
| SHA-512: | 6A538A4277E4E3887D45DE9680E1AB8568B6FE021DB7B8BBB5C37F96E787A76792EEC5E006687F3CD9F90B2A5968D2FEFBE8D7FCE760CBA78FBBD2B3578227A2 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.994613288420585 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D1CB45E760A1DA6B7B2894CC341589DD |
| SHA1: | 1DF512659AC94A5C54EAD9BC57BA30C8329930AC |
| SHA-256: | 3ADD90411EC0C9A68B6F63B385CB21E315721F1C72023A98FE43C7693018410C |
| SHA-512: | FDDF75701FFDBCC1962677FEA662576526E4F74A752760408E7636CE3E5B2FCB2255209A43DA75320FA0CB3C5294BC4DD069DC0211405632B3447D107DCCB49A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.9823066169971484 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 588B99BAB4ED470E4CC54DD59EB6B470 |
| SHA1: | F2717255D73B79174B43C69937130B40D2A16C99 |
| SHA-256: | 896F9B5F8111736EEE66C0D22B42A36E3586D9CA2EA6F0F226FE7EDD79142265 |
| SHA-512: | 7836573286254492A44B683A5051E47C7DDCB0EEBEBB7A78610637D729D7E2EAFE13AD6DC2C46264F09DD6C81214B202CA251F4FB58C86E136BA9E422C948877 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2679 |
| Entropy (8bit): | 3.9913161377452093 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5EDE0CFF747E6AD0C8577DAC2F11A213 |
| SHA1: | 01D2B42ED4F71A14A696E1C170961A248A988822 |
| SHA-256: | 9291771BF5DF8D5A99CFC32C85B26A8196737A0030A0A57F44E6E6ABF7835756 |
| SHA-512: | 9D118B344C4F2BEBA77DB740602322C1FAC69944BF95996BF56A08D6656477D921854CD9539FBA95F004D246DD054806A0BF6246AE11928BC7E91D9E5B7F68CC |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| File type: | |
| Entropy (8bit): | 5.522445296822553 |
| TrID: |
|
| File name: | Portfolio Review _2024.html |
| File size: | 2'604 bytes |
| MD5: | 345e77908be5f5743e6edcafafb0cca1 |
| SHA1: | 753e38cdc04cab3022e3a49bf42358d832098cf5 |
| SHA256: | c056493c081c10f337b154426ecd66c78e6a29a27e36cd07a925a9cb53d2c236 |
| SHA512: | 1691138dd030510c08c64a91e00c063c68fadf4c2b34771f77c698a6ec9e6e9434c76281561ac1c1f008fc07bf9a877323f0c67dfb79f649b176dce649b05300 |
| SSDEEP: | 48:EqOfBEJvI/H+xqYw1EYLPOEreDFt+9VLcNF8CD0oeUmByGQQsRUYvIlatVCxHdz:OWZyYgEcOEEw9JcNde2GQQOtVCxh |
| TLSH: | A95143222F6383F31A23CDA6212FD118759E073B126AD1D8E088E3595A03B77890FDC8 |
| File Content Preview: | <html>.<head><meta charset="UTF-8"> <p> He planted a tree in the backyard. </p> --></head><body>.<script>.shearwater /* The writer found inspiration in the bustling city. */ = {"....":"v","....":"d","...........":"e","....":"p",".......":"3","....": |
 | |
| Icon Hash: | 173149cccc490307 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node