Windows Analysis Report
http://golden1-alert.net/online

Overview

General Information

Sample URL: http://golden1-alert.net/online
Analysis ID: 1577796

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious Javascript
AI detected suspicious URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory
Suspicious form URL found

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1900,i,2647047764777650626,14064341553614167812,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 7128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://golden1-alert.net/online" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: 0.0.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://golden1-alert.net/online... This script exhibits several high-risk behaviors, including data exfiltration, obfuscated code, and suspicious domain interactions. While some of the behavior may be related to legitimate analytics or telemetry, the overall level of risk is elevated due to the presence of multiple concerning indicators.
Source: 0.1.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://golden1-alert.net/online... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of potential malicious intent.
Source: 0.3.i.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://golden1-alert.net/online... The provided JavaScript snippet exhibits several high-risk behaviors, including data exfiltration, obfuscated code, and potential redirects to malicious domains. While some of the code appears to be related to analytics or telemetry, the overall behavior is concerning and requires further investigation.
Source: Email | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://golden1-alert.net
Source: Email | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://golden1-alert.net
Source: Email | Joe Sandbox AI: AI detected Typosquatting in URL: https://golden1-alert.net
Source: https://golden1-alert.net/online/ | HTTP Parser: Number of links: 0
Source: https://golden1-alert.net/online | HTTP Parser: Base64 decoded: 1734544189.000000 (a Unix epoch value: 2024-12-18 17:49:49 UTC, i.e. 18:49:49 +01:00, 35 seconds after the analysis start time recorded below, consistent with a per-visit timestamp generated server-side and embedded in the page)
Source: https://golden1-alert.net/online/ | HTTP Parser: Title: Login to online banking does not match URL
Source: https://golden1-alert.net/online/ | HTTP Parser: Form action: otp.php (a relative action on the same host; the name suggests a second, one-time-password capture step after the credential form)
Source: https://golden1-alert.net/online/ | HTTP Parser: <input type="password" .../> found
Source: https://golden1-alert.net/online | HTTP Parser: No favicon
Source: https://golden1-alert.net/online/ | HTTP Parser: No favicon
Source: https://golden1-alert.net/online/ | HTTP Parser: No <meta name="author".. found
Source: https://golden1-alert.net/online/ | HTTP Parser: No <meta name="copyright".. found
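The HTTP parser rows above are simple static heuristics that can be re-run on a saved HTML body without the sandbox. The following Python is an added example, not Joe Sandbox's code: it reproduces those checks (brand token inside the second-level label, title/host mismatch, zero links, relative form action together with a password field, no favicon, missing author/copyright meta, hidden script, base64 blob that decodes to a Unix timestamp) over a constructed page with the same traits. SAMPLE_HTML, the BRAND_TOKENS list (and the golden1.com control input in the usage note) and the score weights are assumptions, not the real page's source or the sandbox's scoring.

```python
"""Static phishing-page triage reproducing the HTTP-parser checks above.
Added example, not Joe Sandbox code. SAMPLE_HTML is constructed from the
report's findings; BRAND_TOKENS and the score weights are assumptions."""
import base64
import re
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_URL = "https://golden1-alert.net/online"
SAMPLE_HTML = """<html><head><title>Login to online banking</title></head>
<body>
<script style="display:none">var t=atob("MTczNDU0NDE4OS4wMDAwMDA=");</script>
<form action="otp.php" method="post">
  <input type="text" name="user"/>
  <input type="password" name="pass"/>
</form>
</body></html>"""
BRAND_TOKENS = ("golden1",)  # assumed brand names to look for in lookalike labels
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


class PageFacts(HTMLParser):
    """Collects only the DOM facts the heuristics below need."""

    def __init__(self):
        super().__init__()
        self.title, self.scripts, self.links, self.forms = [], [], [], []
        self.meta_names, self.password_inputs, self.hidden_scripts = set(), 0, 0
        self.favicon = self.in_title = self.in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self.in_title = True
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "link" and "icon" in (a.get("rel") or "").lower():
            self.favicon = True
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "script":
            self.in_script = True  # one common form of "hidden" script: inline style
            if "display:none" in (a.get("style") or "").replace(" ", ""):
                self.hidden_scripts += 1

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
        elif tag == "script":
            self.in_script = False

    def handle_data(self, data):  # script bodies arrive here in CDATA mode
        if self.in_title:
            self.title.append(data)
        if self.in_script:
            self.scripts.append(data)


def brand_in_domain(url, tokens=BRAND_TOKENS):
    """Brand token embedded in the second-level label (golden1-alert.net).
    Naive label split: public suffixes such as co.uk are not handled."""
    labels = (urlparse(url).hostname or "").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return [t for t in tokens if t in sld and sld != t]


def embedded_timestamps(script_text):
    """Base64 runs that decode to a plausible Unix epoch (2000..2100)."""
    stamps = []
    for blob in B64_RE.findall(script_text):
        try:
            value = float(base64.b64decode(blob, validate=True).decode("ascii"))
        except ValueError:  # not base64, not text, or not a number
            continue
        if 946_684_800 <= value <= 4_102_444_800:
            stamps.append(datetime.fromtimestamp(value, tz=timezone.utc))
    return stamps


def triage(url, html):
    facts = PageFacts()
    facts.feed(html)
    host = urlparse(url).hostname or ""
    title_words = re.findall(r"[A-Za-z0-9]{4,}", "".join(facts.title))
    return {
        "brand_in_domain": brand_in_domain(url),
        "title_matches_host": any(w.lower() in host for w in title_words),
        "link_count": len(facts.links),
        "relative_form_actions": [a for a in facts.forms if not urlparse(a).netloc],
        "password_inputs": facts.password_inputs,
        "favicon": facts.favicon,
        "missing_meta": sorted({"author", "copyright"} - facts.meta_names),
        "hidden_scripts": facts.hidden_scripts,
        "embedded_timestamps": embedded_timestamps("\n".join(facts.scripts)),
    }


def score(f):
    """Additive 0..100 score; the weights are this example's assumption."""
    s = 20 * bool(f["brand_in_domain"]) + 10 * (not f["title_matches_host"])
    s += 10 * (f["link_count"] == 0) + 5 * (not f["favicon"])
    s += 15 * bool(f["relative_form_actions"] and f["password_inputs"])
    s += 5 * len(f["missing_meta"]) + 10 * bool(f["hidden_scripts"])
    s += 5 * bool(f["embedded_timestamps"])
    return min(s, 100)


if __name__ == "__main__":
    result = triage(SAMPLE_URL, SAMPLE_HTML)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("score:", score(result))
```

On the constructed page every check fires and the decoded base64 blob comes out as 2024-12-18T17:49:49+00:00, the same value the sandbox reported; brand_in_domain("https://www.golden1.com/") returns an empty list because the token is the whole label rather than part of a lookalike. The brand check only inspects the second-level label, so it will miss brand names placed in a subdomain or a path.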
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 92.122.146.16:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.147.0:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 92.122.146.16:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 (3 events)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 (14 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (4 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.146.16 (12 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.147.0 (3 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 (3 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 (1 event)
Note: none of these destinations is the resolved address of golden1-alert.net (104.21.48.1), and apart from 1.1.1.1 none of them appears in the domain/IP table below. 1.1.1.1 is Cloudflare's public resolver, so the UDP entries are the sandbox's own DNS lookups. The remaining TCP destinations were reached without a DNS resolution visible in this capture (resolver cache, hard-coded address, or background OS traffic) and should be attributed before being treated as sample infrastructure.
Source: global traffic | DNS traffic detected: DNS query: golden1-alert.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 (119 per-flow rows collapsed; client ports seen, in either direction: 49675, 49676, 49677, 49678, 49680, 49690, 49697, 49698, 49699, 49700, 49701, 49702, 49703, 49704, 49706, 49707, 49708, 49709, 49710, 49711, 49712, 49713, 49714, 49715, 49716, 49719, 49720, 49722, 49726, 49727, 49728, 49729, 49730, 49732, 49733, 49734, 49735, 49736, 49737, 49738, 49739, 49740, 49741, 49742, 49743, 49744, 49746, 49747, 49748, 49749, 49750, 49752, 49753, 49754, 49755, 49756, 49758, 49759, 49760, 49761, 49762, 49764)
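The "traffic detected without corresponding DNS query" rows come from correlating DNS answers with connection records. The following Python is an added example, not Joe Sandbox code: it performs that correlation over two constructed Zeek-style tab-separated logs (timestamp, query, answers; timestamp, protocol, destination, port) modelled on the addresses in this report, excludes the resolver's own port-53 traffic, and separates the case a sandbox cannot see from the wire, a connection that precedes its DNS answer because the name was already cached.

```python
"""DNS-answer vs. connection correlation behind the sandbox's
"traffic without corresponding DNS query" rows. Added example, not Joe
Sandbox code; DNS_LOG and CONN_LOG are constructed sample records."""
from collections import Counter

DNS_LOG = """\
1734544150.1\tgolden1-alert.net\t104.21.48.1
1734544151.4\twww.google.com\t172.217.19.228
1734544152.0\ta.nel.cloudflare.com\t35.190.80.1
1734544152.3\tcdnjs.cloudflare.com\t104.17.25.14
"""
CONN_LOG = """\
1734544149.0\ttcp\t35.190.80.1\t443
1734544150.0\tudp\t1.1.1.1\t53
1734544150.2\ttcp\t104.21.48.1\t443
1734544151.5\ttcp\t172.217.19.228\t443
1734544153.0\ttcp\t20.12.23.50\t443
1734544153.1\ttcp\t204.79.197.200\t443
1734544153.3\ttcp\t92.122.146.16\t443
1734544154.0\ttcp\t20.12.23.50\t443
1734544154.2\ttcp\t104.17.25.14\t443
"""
RESOLVERS = {"1.1.1.1"}  # the resolver used by the analysis host (see the IP table)


def parse_dns(text):
    """Map each answered IP to (time of first answer, queried name)."""
    first_answer = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, name, answers = line.split("\t")
        for ip in answers.split(","):
            first_answer.setdefault(ip.strip(), (float(ts), name))
    return first_answer


def parse_conns(text):
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, proto, dst, port = line.split("\t")
            rows.append((float(ts), proto, dst, int(port)))
    return rows


def correlate(dns_text, conn_text, resolvers=RESOLVERS):
    """Split connections into: resolved (an answer was seen before the flow),
    early (the answer came only after the flow: cache or an earlier session),
    and unresolved (no answer at all: hard-coded address or traffic the
    capture missed). Queries to the resolver itself are not counted."""
    answered = parse_dns(dns_text)
    resolved, early, unresolved = Counter(), Counter(), Counter()
    for ts, proto, dst, port in parse_conns(conn_text):
        if dst in resolvers and proto == "udp" and port == 53:
            continue
        if dst not in answered:
            unresolved[(proto, dst)] += 1
        elif answered[dst][0] <= ts:
            resolved[(dst, answered[dst][1])] += 1
        else:
            early[(proto, dst)] += 1
    return resolved, early, unresolved


def report_lines(dns_text, conn_text):
    """Render the one-line-per-destination form the sandbox report uses,
    busiest unresolved destination first."""
    resolved, early, unresolved = correlate(dns_text, conn_text)
    lines = [f"{proto.upper()} traffic without corresponding DNS query: {dst} (x{n})"
             for (proto, dst), n in sorted(unresolved.items(), key=lambda kv: -kv[1])]
    lines += [f"{proto.upper()} traffic before DNS answer (cached?): {dst} (x{n})"
              for (proto, dst), n in early.items()]
    lines += [f"resolved: {dst} = {name} (x{n})" for (dst, name), n in resolved.items()]
    return lines


if __name__ == "__main__":
    print("\n".join(report_lines(DNS_LOG, CONN_LOG)))
```

With the constructed logs, 20.12.23.50, 204.79.197.200 and 92.122.146.16 come out unresolved, 104.21.48.1 resolves to golden1-alert.net, and 35.190.80.1 is reported as an early connection rather than an unresolved one. When running this on real Zeek dns.log and conn.log output, feed it the answers column rather than the query column, since a CNAME chain can resolve to addresses that never appear against the original name.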
Source: classification engine | Classification label: mal48.win@18/16@14/130
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1900,i,2647047764777650626,14064341553614167812,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 (listed twice in the original report)
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://golden1-alert.net/online"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (14 entries; child processes whose image and command line the sandbox did not capture)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Note: these six shortcuts are the default "Chrome Apps" entries Chrome itself writes for a fresh profile, and the dropped-file previews below show them launching C:\Program Files\Google\Chrome\Application\chrome_proxy.exe. They are browser housekeeping, not persistence planted by the sample, so the "Stores files to the Windows start menu directory" signature should not raise the verdict on its own.
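Before accepting a "Stores files to the Windows start menu directory" hit as persistence, check what the dropped shortcuts actually launch. The following Python is an added example, not part of the report: it parses the MS-SHLLINK header, the LinkInfo local base path and the Unicode or ANSI string data of a .lnk file. The shortcut it parses is constructed by make_sample_lnk() to resemble the report's Chrome Apps entries (chrome_proxy.exe target, 1210144-byte target length, archive attribute, 2023-10-03 09:48:42 creation time); its item ID list, volume serial and command-line arguments are placeholders, not values taken from the dropped files. Run it on the real files by passing their bytes to parse_lnk().

```python
"""Header / LinkInfo / string-data parser for Windows shell links
(MS-SHLLINK). Added example, not Joe Sandbox code. make_sample_lnk() builds a
constructed shortcut; its ID list, volume serial and arguments are placeholders."""
import struct
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
LINK_FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
              0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
              0x40: "HasIconLocation", 0x80: "IsUnicode"}
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(ticks):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def dt_to_filetime(dt):
    d = dt - FILETIME_EPOCH  # integer arithmetic keeps the full 64-bit range
    return ((d.days * 86400 + d.seconds) * 1_000_000 + d.microseconds) * 10


def _string_data(buf, off, unicode):
    """StringData item: u16 character count followed by the characters."""
    n = struct.unpack_from("<H", buf, off)[0]
    width = 2 if unicode else 1
    raw = buf[off + 2: off + 2 + width * n]
    return raw.decode("utf-16-le" if unicode else "latin-1"), off + 2 + width * n


def parse_lnk(buf):
    (size, clsid, flags, attrs, ctime, _atime, wtime,
     fsize, icon, show, _hotkey) = struct.unpack_from("<I16sIIQQQIiIH", buf, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link header")
    info = {"flags": [n for b, n in LINK_FLAGS.items() if flags & b],
            "archive": bool(attrs & 0x20), "ctime": filetime_to_dt(ctime),
            "mtime": filetime_to_dt(wtime), "target_size": fsize,
            "icon_index": icon, "show_command": SHOW_COMMANDS.get(show, f"raw:{show}"),
            "local_base_path": None, "relative_path": None,
            "working_dir": None, "arguments": None}
    off = 0x4C
    if flags & 0x01:  # LinkTargetIDList: u16 size, then the item ID list
        off += 2 + struct.unpack_from("<H", buf, off)[0]
    if flags & 0x02:  # LinkInfo: LocalBasePath offset is relative to its start
        li_size, _hdr, li_flags, _vol, lbp_off = struct.unpack_from("<IIIII", buf, off)
        if li_flags & 0x1:  # VolumeIDAndLocalBasePath present
            end = buf.index(b"\0", off + lbp_off)
            info["local_base_path"] = buf[off + lbp_off:end].decode("latin-1")
        off += li_size
    unicode = bool(flags & 0x80)
    for bit, key in ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                     (0x20, "arguments"), (0x40, "icon_location")):
        if flags & bit:
            info[key], off = _string_data(buf, off, unicode)
    return info


def make_sample_lnk():
    """Constructed shortcut modelled on the report's Chrome Apps .lnk files."""
    flags = 0x01 | 0x02 | 0x08 | 0x10 | 0x20 | 0x80
    ct = dt_to_filetime(datetime(2023, 10, 3, 9, 48, 42, tzinfo=timezone.utc))
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         ct, ct, ct, 1210144, 0, 1, 0, 0, 0, 0)
    idlist = struct.pack("<HH", 6, 4) + b"\x1f\x50" + b"\0\0"  # one dummy item
    volume = struct.pack("<IIII", 17, 3, 0x12345678, 16) + b"\0"  # placeholder serial
    path = b"C:\\Program Files\\Google\\Chrome\\Application\\chrome_proxy.exe\0"
    li_size = 28 + len(volume) + len(path) + 1
    linkinfo = struct.pack("<IIIIIII", li_size, 28, 1, 28, 28 + len(volume), 0,
                           28 + len(volume) + len(path)) + volume + path + b"\0"

    def sd(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    strings = (sd("..\\..\\..\\..\\..\\..\\..\\..\\..\\Program Files\\Google\\Chrome\\"
                  "Application\\chrome_proxy.exe")
               + sd("C:\\Program Files\\Google\\Chrome\\Application")
               + sd("--profile-directory=Default --app-id=PLACEHOLDER"))
    return header + idlist + linkinfo + strings


if __name__ == "__main__":
    for k, v in parse_lnk(make_sample_lnk()).items():
        print(f"{k}: {v}")
```

The parser deliberately stops at the string data: the ExtraData blocks that follow (tracker, property store, environment variable block) can also carry a target and are worth checking on a suspicious shortcut, but a Start Menu entry whose LinkInfo path, working directory and arguments all point into the browser's own install directory, as the three previews below do, is what Chrome writes itself.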
MITRE ATT&CK matrix (techniques with at least one matching signature; the number is the count of matching signatures. The report renders the full matrix, but every other cell had no match and is omitted here):

Persistence: Browser Extensions (2); Registry Run Keys / Startup Folder (1)
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information (1)
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
No matches: Reconnaissance, Resource Development, Initial Access, Execution, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Impact

Antivirus scan results (Source | Detection | Scanner | Label):
http://golden1-alert.net/online | 0% | Avira URL Cloud | safe
No antivirus matches in the four remaining scan tables.
Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
golden1-alert.net | 104.21.48.1 | true | true | - | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | - | high
cdnjs.cloudflare.com | 104.17.25.14 | true | false | - | high
www.google.com | 172.217.19.228 | true | false | - | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | - | high

URLs (Name | Malicious | Antivirus Detection | Reputation):
https://golden1-alert.net/online/ | false | - | unknown
https://golden1-alert.net/online | true | - | unknown
IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
104.21.48.1 | golden1-alert.net | United States | 13335 | CLOUDFLARENET, US | true
172.217.19.228 | www.google.com | United States | 15169 | GOOGLE, US | false
172.217.19.206 | unknown | United States | 15169 | GOOGLE, US | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENET, US | false
172.217.17.35 | unknown | United States | 15169 | GOOGLE, US | false
142.250.181.138 | unknown | United States | 15169 | GOOGLE, US | false
64.233.164.84 | unknown | United States | 15169 | GOOGLE, US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false (SSDP multicast group; local-network background traffic, not sample-related)
142.250.181.46 | unknown | United States | 15169 | GOOGLE, US | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLE, US | false
142.250.181.99 | unknown | United States | 15169 | GOOGLE, US | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENET, US | false

Private IPs (analysis host): 192.168.2.17, 192.168.2.18
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577796
Start date and time: 2024-12-18 18:49:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://golden1-alert.net/online
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
                • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@18/16@14/130
                • Exclude process from analysis (whitelisted): TextInputHost.exe
                • Excluded IPs from analysis (whitelisted): 142.250.181.99, 172.217.19.206, 64.233.164.84, 142.250.181.142
                • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                • Not all processes were analyzed; the report is missing behavior information
                • VT rate limit hit for: http://golden1-alert.net/online
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 16:49:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9885353239953676
                Encrypted:false
                SSDEEP:
                MD5:8B100EF1930D18169DCBC7D35F3F4E49
                SHA1:F260B233D290D4B03EADE9A2693774F4AF94FA3A
                SHA-256:F0F9E3A173E7239DC03C4369B28F4F2E353E459D4A95DAFC4F05CD1B34110706
                SHA-512:2A32FCD6A808DBCEFB58C0A5DD358D2C396E9BD93961895178B078E14693B8855CED9DADF0F798DB537A0088BDBA1E312AB3E90BF9FC5AFE9710C628A431A1C5
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....-&.8uQ......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y5.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y5............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y6............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 16:49:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):4.007553376891526
                Encrypted:false
                SSDEEP:
                MD5:19EFF0CC22F2FAB6C45FBA5E8079C485
                SHA1:13D2C84F7A77D324D0B9B30738CA9245116BCBD2
                SHA-256:F3750C865733519859C5DDA218EE2F944DF66172D29C49DEFDEFC796A248EFD3
                SHA-512:AD9085F46D375EC1FB8B94EFEB5DA04212D5650ACC27A38D98808C3C3DED16C0D7FF82A008757E3D29D25D5D68DB68CBF966F3020EF348DFA4B49760D1460097
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,......8uQ......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y5.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y5.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y5............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y6............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........k........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2693
                Entropy (8bit):4.0152279982670445
                Encrypted:false
                SSDEEP:
                MD5:7E3213BF82D1CACB9F8F61B92CEA56C7
                SHA1:85D9A2E372ED600678BF5DD316A60AA12856395B
                SHA-256:D99AF276089B471B37EC34D0211512F4326EC6A791F183F49212116DEB1A4C3B
                SHA-512:764534AF4267989CAABEAECE29715F55D67508E2D6B3043B3B63C5B0AD0815C87A97FD98680E73DD4C12C459D040FDCDF624115173C4231316D033690077A132
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 16:49:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):4.003152696601013
                Encrypted:false
                SSDEEP:
                MD5:FA71A203E02C6102CD0D8AB944FA9864
                SHA1:0D975BC05ECD91D83FADF2A35CB44AF2C769EC49
                SHA-256:4947D9D27869673BD20C257C9248AEAD3022A4E5D72C7A5F25EF195418F20D69
                SHA-512:0C6E24171A7D8EFB0A1F75DFA1C38CA7558C8C80467840A6CE4E8CA4CAB38B407C169CA2D506E21183C4FE635831FDB63AE0771409AC6971965090A72D3C331E
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 16:49:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):3.9921147218501063
                Encrypted:false
                SSDEEP:
                MD5:5A9F17424D123534CD468A866F1E3049
                SHA1:A61EFF6BFBF1CCE96C552E5DBE66039EBB1A916E
                SHA-256:2ED87F6DC59C260F66BB78179B95DD7B294E7EB0E5EEA6019A711DF9B8B09B7F
                SHA-512:858CE74D775F756C17991DC99CA71E94F13B8BB326E3D05BB850CDCA22E9CE5AE9EEAA8437C46F52C4738A7BB3C5B42B6796A8A66B5F5209E39B79DE78542674
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 16:49:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2683
                Entropy (8bit):4.004575187659149
                Encrypted:false
                SSDEEP:
                MD5:4A4BEF484AEEE09681F552DA3C025265
                SHA1:84A87B1B3B63FBA0ABE195A700558F3E6AAB1AB9
                SHA-256:401F8DE65D318A3A633C49A2648B1E9FF98C0E24CE0A0EFB52131216DD211A4E
                SHA-512:EFBE531ED5FB07F2BDDD6C8E212B43940A7C46217D74CC3AC7B8EDF3FAF37F0FF94EF148E65D241A6C855A8674CC8E3E8A013528920916555C5A1787AE3F5F2F
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:downloaded
                Size (bytes):28
                Entropy (8bit):4.208966082694623
                Encrypted:false
                SSDEEP:
                MD5:948F3999EACF2B989FC37648302276CA
                SHA1:C200D29C6EE07DE0EA177EBB9A92D3BD5BAB7E8D
                SHA-256:9B921490755972C9E7C690CE71B9A2DB84E0CC674DCFD44301F2A4EE08EC83AA
                SHA-512:F72FB69B06238C5E0E2A1733764C165F40C8A77EE34A79D5B8996A5745CE0CE716C8FFEE33EC02206AD137176F4A33E3B4633A59D83B506489FD3D6B73787E91
                Malicious:false
                Reputation:unknown
                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwmUVv-vTvDD-RIFDc8jKv8SBQ2ailBY?alt=proto
                Preview:ChIKBw3PIyr/GgAKBw2ailBYGgA=
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:downloaded
                Size (bytes):3038
                Entropy (8bit):5.015656630802099
                Encrypted:false
                SSDEEP:
                MD5:CB639FD9C00B3ABF9F2FE9FB7551C667
                SHA1:478A862B215335CF32D615829503CE7146EC5AEA
                SHA-256:B632402023E5806F7AB9BA231247C11B8F8BA28E505B9563009D39CDCD6275CF
                SHA-512:2ACEA045D28E552B6F7B052F44B9FB4F29D391FD209950F766F29F6269C524FD531F63ECA837BEAD33776E37FFDD988B98D684A7E6F640A70B4F0019E0C9834B
                Malicious:false
                Reputation:unknown
                URL:https://golden1-alert.net/online/css/style.css
                Preview:*{..box-sizing: border-box;..font-family: Arial, sans-serif;.}.body {..margin: 0;..padding: 0;..background-image: url('../img/cloud.jpg');..background-size: cover;..background-repeat: no-repeat;..background-attachment: fixed; /* Optional - keeps the background fixed while scrolling */.}...main {. display: flex;. flex-direction: column; /* Adjust if you want row-based layout */. height: 100vh; /* Take up full viewport height */.}..header{..width: 100%;..padding: 20px;..display: flex;..justify-content: center;..align-items: center;..flex-direction: column;.}..header-image{..width: 120px;.}..header-button{..background-color: #00395d;..padding: 15px;..color: #fff;.}..form-container{..width: 100%;..padding: 10px;..display: flex;..justify-content: center;..align-items: center;.}..form{..width: 350px;..padding: 20px;..display: flex;..flex-direction: column;..gap: 20px;..background-color: #00395d;.}..input_class{..outline: none;..border: none;..padding: 10px 0px;..font-size: 16px;..co
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (52276)
                Category:downloaded
                Size (bytes):102641
                Entropy (8bit):4.781784574734628
                Encrypted:false
                SSDEEP:
                MD5:9402848C3D4BBC710C764326F8B887C9
                SHA1:B6E555166EB1381392E00ADCDE9BF8863F16FF01
                SHA-256:C22CFB6520A7FDBB738632834019ACF47C78B1279462C0EB4CB83BAE83ECB5A7
                SHA-512:0D33903BD456087DE9A46A9C59A100D41219382EB1C5A97012CC3D73641078021FB65F957A0A2F96779ED5CF505F84DCB6758C9F5DD36727BE822326F1ED8BC0
                Malicious:false
                Reputation:unknown
                URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
                Preview:/*!. * Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2023 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-classic,.fa-regular,.fa-sharp,.fa-solid,.fab,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-classic,.fa-regular,.fa-solid,.far,.fas{font-family:"Font Awesome 6 Free"}.fa-brands,.fab{font-family:"Font Awesome 6 Brands"}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (8693), with no line terminators
                Category:dropped
                Size (bytes):8693
                Entropy (8bit):5.731946414962164
                Encrypted:false
                SSDEEP:
                MD5:AC4607000E8B5797B8ADCED7F198FB22
                SHA1:7A12ECD1E541D137B25B4B2E837655823D530F04
                SHA-256:034E3CA8CF22EB524A61848BB7925C5591BA00E6F64B98B9E1877822A35D4270
                SHA-512:D3BA4B673C7681963160353A27C1C069F46F8F595638EAC0457C800E46514D74DB630860CEAC93EE05658A4F8F19B452D8F9B4E95A39EFC9DC1B21141E83F8FD
                Malicious:false
                Reputation:unknown
                Preview:window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,j,k,l,s,v){W=b,function(c,e,V,f,g){for(V=b,f=c();!![];)try{if(g=-parseInt(V(183))/1+-parseInt(V(224))/2+-parseInt(V(181))/3*(-parseInt(V(124))/4)+parseInt(V(152))/5+-parseInt(V(175))/6+-parseInt(V(216))/7*(parseInt(V(211))/8)+parseInt(V(225))/9,g===e)break;else f.push(f.shift())}catch(E){f.push(f.shift())}}(a,350267),h=this||self,i=h[W(188)],j=function(X,e,f,g){return X=W,e=String[X(201)],f={'h':function(E){return null==E?'':f.g(E,6,function(F,Y){return Y=b,Y(145)[Y(125)](F)})},'g':function(E,F,G,Z,H,I,J,K,L,M,N,O,P,Q,R,S,T,U){if(Z=X,E==null)return'';for(I={},J={},K='',L=2,M=3,N=2,O=[],P=0,Q=0,R=0;R<E[Z(243)];R+=1)if(S=E[Z(125)](R),Object[Z(213)][Z(241)][Z(221)](I,S)||(I[S]=M++,J[S]=!0),T=K+S,Object[Z(213)][Z(241)][Z(221)](I,T))K=T;else{if(Object[Z(213)][Z(241)][Z(221)](J,K)){if(256>K[Z(165)](0)){for(H=0;H<N;P<<=1,Q==F-1?(Q=0,O[Z(149)](G(P)),P=0):Q++,H++);for(U=K[Z(165)](0),H=0;8>H;P=U&1.66|P<<1,F-1==Q?(Q=0,O[Z(149)](G(P)),P=0):Q++,U>>=1,H
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text
                Category:downloaded
                Size (bytes):3004
                Entropy (8bit):4.817159024313933
                Encrypted:false
                SSDEEP:
                MD5:96302DAE860C0E21C64822C0AB1A7B8A
                SHA1:7B47A7ACFCC59ABFC84E1B6B424091092994C413
                SHA-256:87981DFA2E6ECC163573EEA84DB672A270C60FCA1B92D9B9BDF666515C6CD36E
                SHA-512:203DDE12FA0E63BACC7DCC1D08134E128EACE009850372D93CAD42516CF10B4F29E88BDC3332A9EDCBB9C8F20CC7C205CBFA2643A847127496B2F7C258E53A1F
                Malicious:false
                Reputation:unknown
                URL:https://golden1-alert.net/online/
                Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Login to online banking</title>. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css" integrity="sha512-DTOQO9RWCH3ppGqcWaEA1BIZOC6xxalwEsw9c2QQeAIftl+Vegovlnee1c9QX4TctnWMn13TZye+giMm8e2LwA==" crossorigin="anonymous" referrerpolicy="no-referrer" />. <link rel="stylesheet" href="css/style.css">. <style>. @keyframes spinner {. 0% {. transform: translate3d(-50%, -50%, 0) rotate(0deg);. }. 100% {. transform: translate3d(-50%, -50%, 0) rotate(360deg);. }. }. .spin::before {. animation: 1.5s linear infinite spinner;. animation-play-state: inherit;. border: solid 6px #cfd0d1;. border-bottom-color: #000;. border-radius: 50%;. content: "";. height: 5rem;. width: 5rem;.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 2848x4272, components 3
                Category:downloaded
                Size (bytes):609381
                Entropy (8bit):7.9282890605969385
                Encrypted:false
                SSDEEP:
                MD5:D23082F12435CEFA773E3B2650854F2C
                SHA1:6297B6D579D8F30285612037B394AAC0BC1B9C35
                SHA-256:9E718894B4173ABF2A4D8CD69E3B3674125AA36646A38800533C2BF54553AEE3
                SHA-512:BBD1F16CBB94EF19F4965770D6B6631FE49F4D63710A4A4DFCA395117862CAD6A52BB24633BA114007C5425C746F98EFA286F42521006ED64898D3CBE60DB47C
                Malicious:false
                Reputation:unknown
                URL:https://golden1-alert.net/online/img/cloud.jpg
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (8732), with no line terminators
                Category:downloaded
                Size (bytes):8732
                Entropy (8bit):5.746979481987997
                Encrypted:false
                SSDEEP:
                MD5:09DF6A8500799F2CBAC3F6796B12C662
                SHA1:6E0CC7C083FB71C8522D603CE83CDB09A32FD709
                SHA-256:48F65A138FA44AC434F93B2EB42198229CEB6FCB8F5CB0C565969A38D4749D93
                SHA-512:F8DB519A8FC21912BECFA069757BFFE25B635C9DBA7CA95829CC6F700FCFDC864C1CCF8BD25AC593E8F275B6EF1F3BBB9EE2A48BEC9FBB5DAA6DF41335A77CF2
                Malicious:false
                Reputation:unknown
                URL:https://golden1-alert.net/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
                Preview:window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,j,k,l,s,v){W=b,function(c,e,V,f,g){for(V=b,f=c();!![];)try{if(g=parseInt(V(300))/1*(-parseInt(V(292))/2)+parseInt(V(241))/3*(parseInt(V(229))/4)+-parseInt(V(236))/5*(-parseInt(V(272))/6)+-parseInt(V(342))/7+parseInt(V(280))/8+parseInt(V(242))/9+-parseInt(V(297))/10,e===g)break;else f.push(f.shift())}catch(E){f.push(f.shift())}}(a,492682),h=this||self,i=h[W(225)],j=function(X,e,f,g){return X=W,e=String[X(284)],f={'h':function(E){return E==null?'':f.g(E,6,function(F,Y){return Y=b,Y(252)[Y(235)](F)})},'g':function(E,F,G,Z,H,I,J,K,L,M,N,O,P,Q,R,S,T,U){if(Z=X,E==null)return'';for(I={},J={},K='',L=2,M=3,N=2,O=[],P=0,Q=0,R=0;R<E[Z(261)];R+=1)if(S=E[Z(235)](R),Object[Z(336)][Z(328)][Z(338)](I,S)||(I[S]=M++,J[S]=!0),T=K+S,Object[Z(336)][Z(328)][Z(338)](I,T))K=T;else{if(Object[Z(336)][Z(328)][Z(338)](J,K)){if(256>K[Z(258)](0)){for(H=0;H<N;P<<=1,Q==F-1?(Q=0,O[Z(343)](G(P)),P=0):Q++,H++);for(U=K[Z(258)](0),H=0;8>H;P=P<<1.35|U&1,Q==F-1?(Q=0,O[Z(343)](G
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text
                Category:downloaded
                Size (bytes):315
                Entropy (8bit):5.0572271090563765
                Encrypted:false
                SSDEEP:
                MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                Malicious:false
                Reputation:unknown
                URL:https://golden1-alert.net/favicon.ico
                Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:Web Open Font Format (Version 2), TrueType, length 156496, version 773.768
                Category:downloaded
                Size (bytes):156496
                Entropy (8bit):7.996570522285877
                Encrypted:true
                SSDEEP:
                MD5:6C4EEE562650E53CEE32496BDFBE534B
                SHA1:1AAE708E3B94EE981B452A918D28ED037FBB5E18
                SHA-256:9FC85F3A4544AB0D570C7F8F9BBB88DB8D92C359B2707580EA8B07C75673EAE2
                SHA-512:EBCB5A2E2A908228F77ECD03B45491778CAD73DDC39FA3A6334B129AAF9FA36C16C0307AEAAD74D77F616B5B34AAC52D91E9F4816945253DC9A826DDD71F4D12
                Malicious:false
                Reputation:unknown
                URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.woff2
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 377 x 134, 8-bit/color RGBA, non-interlaced
                Category:downloaded
                Size (bytes):63030
                Entropy (8bit):7.993295509140446
                Encrypted:true
                SSDEEP:
                MD5:07F95D3EA7B70B7713F563EEF714D192
                SHA1:030E196CFD08DD203DB24DCEA9C606CA87647E15
                SHA-256:A28529D1306927628895FD6DBD0AAEF065802CECE3D909EF5887EEC7781F8028
                SHA-512:98E5B02B07A169430968400116E2343727B1F5A57826FB1533868B167D6980CB8C70E8BE36505A5D8F214D436822505F9A6F7F58D111A9BC27155A902DB98F87
                Malicious:false
                Reputation:unknown
                URL:https://golden1-alert.net/online/img/main.png
                No static file info