
Windows Analysis Report
https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK

Overview

General Information

Sample URL: https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK
Analysis ID: 1559181

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected non-DNS traffic on DNS port
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 2100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1816,i,235708540898832890,7462670589250777101,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK | HTTP Parser: Base64 decoded: bUUbBT_TC[z`ssRtABXZ\PCNRU[[
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:61750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:61762 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:61820 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.17:61691 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: global traffic | DNS traffic detected: DNS query: starpack.mediabox.com
Source: global traffic | DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic | DNS traffic detected: DNS query: static.hotjar.com
Source: global traffic | DNS traffic detected: DNS query: script.hotjar.com
Source: global traffic | DNS traffic detected: DNS query: js-agent.newrelic.com
Source: global traffic | DNS traffic detected: DNS query: bam.nr-data.net
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:61750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:61762 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:61820 version: TLS 1.2
Source: classification engine | Classification label: clean1.win@16/6@28/119
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1816,i,235708540898832890,7462670589250777101,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (one line per tactic; a leading number on a technique is the count of matched signatures)
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
jsdelivr.map.fastly.net | 151.101.1.229 | true | false | | high
fastly-tls12-bam.nr-data.net | 162.247.243.29 | true | false | | high
script.hotjar.com | 18.244.18.56 | true | false | | high
js-agent.newrelic.com | 162.247.243.39 | true | false | | high
maxcdn.bootstrapcdn.com | 104.18.11.207 | true | false | | high
www.google.com | 142.250.185.68 | true | false | | high
mdb-indep1.mediabox.com | 35.157.114.126 | true | false | | unknown
static-cdn.hotjar.com | 18.66.102.51 | true | false | | high
starpack.mediabox.com | unknown | unknown | false | | unknown
cdn.jsdelivr.net | unknown | unknown | false | | high
static.hotjar.com | unknown | unknown | false | | high
bam.nr-data.net | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.229 | jsdelivr.map.fastly.net | United States | 54113 | FASTLYUS | false
18.244.18.56 | script.hotjar.com | United States | 16509 | AMAZON-02US | false
142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
216.58.212.142 | unknown | United States | 15169 | GOOGLEUS | false
104.18.186.31 | unknown | United States | 13335 | CLOUDFLARENETUS | false
172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false
18.66.102.106 | unknown | United States | 3 | MIT-GATEWAYSUS | false
142.251.173.84 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.35 | unknown | United States | 15169 | GOOGLEUS | false
104.18.11.207 | maxcdn.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.185.170 | unknown | United States | 15169 | GOOGLEUS | false
52.222.236.43 | unknown | United States | 16509 | AMAZON-02US | false
20.150.37.228 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.157.114.126 | mdb-indep1.mediabox.com | United States | 16509 | AMAZON-02US | false
162.247.243.29 | fastly-tls12-bam.nr-data.net | United States | 13335 | CLOUDFLARENETUS | false
162.247.243.39 | js-agent.newrelic.com | United States | 13335 | CLOUDFLARENETUS | false
172.217.18.10 | unknown | United States | 15169 | GOOGLEUS | false
18.66.102.51 | static-cdn.hotjar.com | United States | 3 | MIT-GATEWAYSUS | false
IP: 192.168.2.17
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559181
Start date and time: 2024-11-20 09:26:59 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@16/6@28/119
• Exclude process from analysis (whitelisted): TextInputHost.exe
• Excluded IPs from analysis (whitelisted): 172.217.18.3, 216.58.212.142, 142.251.173.84, 34.104.35.123, 142.250.185.170, 216.58.206.35
• Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
• VT rate limit hit for: https://starpack.mediabox.com/Mediabox-Independence/Base/weblink?id=20241120-080307-837-8LV2SE6ACR9JVQCF9ONFYW52XBVFBUOJW5OWX0IN&num=CE6PXFINEE&MBI_datasource=STARPACK
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 07:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9784113060156425
Encrypted: false
SSDEEP:
MD5: C70727FA7E8B2D641ECF8D6A2A613607
SHA1: 155EFCB274F0812CF06D6A6770C504E60F18BE8C
SHA-256: 6EDD698CD6B02A307E91BCEC39079562BE203493CC0BBA671CAE526BE8D8CCA2
SHA-512: 3BA6DC0F2412263CD04A1861FEC78E0A9A0B853298D52E89CD24326D562D3BE7C74F27CC25D37C60F29B6A9E1C4B858835FC2F028B8F36D795A2614EB731A521
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 07:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2679
Entropy (8bit): 3.996289993518716
Encrypted: false
SSDEEP:
MD5: D37BA483FC4C214B536544A6A7A5BED1
SHA1: C5BF8A3AE2B56B9CE002018C6BD47AC4456FC610
SHA-256: E6F329947EAA66EBFDB8EC4ED7800FAC40F1C6AADACA8E8043B9ED87169CD5BC
SHA-512: 189EF6C7D07D4DC17E96E218951644612589C3ACC4577B95B87277C736BEF1C579CE8D15FD87C3B9A1F097842E9D09DDA8AEA1C8ACEE51FBB770993C6112A094
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2693
Entropy (8bit): 4.006894049542433
Encrypted: false
SSDEEP:
MD5: 9B73C86D14E643803D1BB6C52F72C8E2
SHA1: A97377981926EEE0C13AFC646173AC0AC48F5A7E
SHA-256: F4DFF8DC9FBAAD4E2E9C39204EFE6906A1FF2646791E360DF861972086963A85
SHA-512: 32386FABE275C7D343130C49D575E0844EC2A143DAE7364F7DEF2D4EFE18F838B26749A42AAB578FABFED15D68E0C783380244E50881BA76261AA8074E643D2C
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 07:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2681
Entropy (8bit): 3.9929040500359636
Encrypted: false
SSDEEP:
MD5: 19F3A5B202AE1E0FB358F76E14047CBF
SHA1: 3D7980964821ECAB49619850D2B5D41BFF92E131
SHA-256: 2E5AE067EBE7993E7A3B2D8CA901B031307CFF0D9708465599D472197239F6F0
SHA-512: 5931599E33AC744D54E8D04BBBE8134ECB3C0FF9A1C01FF83B1BDEA7C759D45CB6FA036E59484C768C256DBC89D197C0861378F5BE91DD9520C38267804C90AC
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 07:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2681
Entropy (8bit): 3.983504521046617
Encrypted: false
SSDEEP:
MD5: E9B75019F625D0A1FE61F9A9AC1F3A1E
SHA1: 18F264A98EB0E4018842F86031BA901D6D7622FA
SHA-256: AE3B5E6C0FE7E7BB63033D60AC40A45813A693F176DF745AD2A7FEA753E3D8A5
SHA-512: FC5A7FB6430D899E783B6D12D466B7EF2A84C1A6722BCE33CFBB449626B8CBF734872CFD36F416AAD26A7D05C00459143B25B253CEDFEF6C7A97146F970F315E
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 07:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2683
Entropy (8bit): 3.9927910658512906
Encrypted: false
SSDEEP:
MD5: 2048A871D8A7372C2F7C94BEC6B5E7EC
SHA1: 790FC5359EA9940D74DD5E8C4993226CFC2076E8
SHA-256: AB787F3604423CA349DE1E9A7CC424E9DD633F997074D031373E4067F2E43643
SHA-512: 368F8B4DE2D04528A3B60B1286F8BBD3CFE7AB31934D5C42112449D2A4C70887E6BBC459EDC2432F42B575F0B0339040576BA0361A900A26547B83A2AA7D9D35
Malicious: false
Reputation: unknown
No static file info