Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8yVzV2GW7vOPvy3s9yVghrOS5vs-2BSnWyzJMkXQxVEReq4oLCDet7QAOvo_JkpSD-2Bg6VoLAQppUKMb-2BxDh4v4nbOeQFT31ao

Overview

General Information

Sample URL:https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8
Analysis ID:1580090

Detection

HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected suspicious URL
HTML page contains obfuscated javascript
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 4344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,9801767984344154985,6290466948760849012,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8yVzV2GW7vOPvy3s9yVghrOS5vs-2BSnWyzJMkXQxVEReq4oLCDet7QAOvo_JkpSD-2Bg6VoLAQppUKMb-2BxDh4v4nbOeQFT31aoN-2FLkhvFCzY6wdlGM7RTNIi47OKR1tTaghG8tTKssArDNPSXAfX9wO6nsZ2FHn-2FunyaOti-2FaII-2FnbKYDXJOImW-2Bs9f4tYnWj8rqO7L0kp4KNRHBDo0iHoL8DEOGc8GMtzqzsIqERel6-2FxJyY4DBnsnUTOc2I4HCPKA6lxcCEXMtxEA1-2FnQ-3D-3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
SourceRuleDescriptionAuthorStrings
2.1.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
    3.2.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
      No Sigma rule has matched
      No Suricata rule has matched

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgJoe Sandbox AI: Score: 9 Reasons: The brand 'Outlook' is well-known and is associated with the domain 'outlook.com'., The provided URL 'b1.kikjsds2.sa.com' does not match the legitimate domain 'outlook.com'., The URL contains suspicious elements such as 'kikjsds2', which does not relate to Outlook., The domain 'sa.com' is not associated with Outlook, increasing the likelihood of phishing., The presence of input fields for 'Domain\user name' and 'Password' is typical for phishing attempts targeting login credentials. DOM: 2.1.pages.csv
      Source: Yara matchFile source: 2.1.pages.csv, type: HTML
      Source: Yara matchFile source: 3.2.pages.csv, type: HTML
      Source: EmailJoe Sandbox AI: AI detected Typosquatting in URL: https://b1.kikjsds2.sa.com
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: function _0x542f(_0x33d4de,_0x4b9b4d){var _0x457e68=_0x13ac();return _0x542f=function(_0x4ad2c7,_0x
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html?email=%5B%5B-Email-%5D%5D&domain=US%5Cyou_suck_badguyz%40hotmail.com&password=Y0lo69420%21%21&passwordText=#sean_bolser@fd.orgHTTP Parser: function _0x542f(_0x33d4de,_0x4b9b4d){var _0x457e68=_0x13ac();return _0x542f=function(_0x4ad2c7,_0x
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: Number of links: 0
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: <input type="password" .../> found but no <form action="...
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: Total embedded image size: 22422
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: Base64 decoded: https://b1.kikjsds2.sa.com/.ufc/ko/SendMe.php
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: Title: 0utlook does not match URL
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: <input type="password" .../> found
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: No <meta name="author".. found
      Source: https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgHTTP Parser: No <meta name="copyright".. found
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49717 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49721 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49736 version: TLS 1.2
      Source: chrome.exeMemory has grown: Private usage: 7MB later: 29MB
      Source: unknownTCP traffic detected without corresponding DNS query: 20.190.181.3
      Source: unknownTCP traffic detected without corresponding DNS query: 20.190.181.3
      Source: unknownTCP traffic detected without corresponding DNS query: 20.190.181.3
      Source: unknownTCP traffic detected without corresponding DNS query: 20.190.181.3
      Source: unknownTCP traffic detected without corresponding DNS query: 20.190.181.3
      Source: unknownTCP traffic detected without corresponding DNS query: 20.190.181.3
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
      Source: global trafficHTTP traffic detected: GET /wx/wx_callback.asp?gourl=https://globaljubileemission.org/mov/tkjllpwxlz/c2Vhbl9ib2xzZXJAZmQub3Jn HTTP/1.1Host: gdgp.chinaxinge.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
      Source: global trafficDNS traffic detected: DNS query: u48917305.ct.sendgrid.net
      Source: global trafficDNS traffic detected: DNS query: gdgp.chinaxinge.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: globaljubileemission.org
      Source: global trafficDNS traffic detected: DNS query: b1.kikjsds2.sa.com
      Source: global trafficDNS traffic detected: DNS query: code.jquery.com
      Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
      Source: global trafficDNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
      Source: global trafficDNS traffic detected: DNS query: east.exch091.serverdata.net
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49717 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49721 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49736 version: TLS 1.2
      Source: classification engineClassification label: mal64.phis.win@19/6@26/221
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,9801767984344154985,6290466948760849012,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8yVzV2GW7vOPvy3s9yVghrOS5vs-2BSnWyzJMkXQxVEReq4oLCDet7QAOvo_JkpSD-2Bg6VoLAQppUKMb-2BxDh4v4nbOeQFT31aoN-2FLkhvFCzY6wdlGM7RTNIi47OKR1tTaghG8tTKssArDNPSXAfX9wO6nsZ2FHn-2FunyaOti-2FaII-2FnbKYDXJOImW-2Bs9f4tYnWj8rqO7L0kp4KNRHBDo0iHoL8DEOGc8GMtzqzsIqERel6-2FxJyY4DBnsnUTOc2I4HCPKA6lxcCEXMtxEA1-2FnQ-3D-3D"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,9801767984344154985,6290466948760849012,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      Browser Extensions
      1
      Process Injection
      3
      Masquerading
      OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
      Encrypted Channel
      Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      Registry Run Keys / Startup Folder
      1
      Registry Run Keys / Startup Folder
      1
      Process Injection
      LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
      Non-Application Layer Protocol
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      Extra Window Memory Injection
      1
      Extra Window Memory Injection
      Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
      Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
      Ingress Tool Transfer
      Traffic DuplicationData Destruction

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand
      SourceDetectionScannerLabelLink
      https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8yVzV2GW7vOPvy3s9yVghrOS5vs-2BSnWyzJMkXQxVEReq4oLCDet7QAOvo_JkpSD-2Bg6VoLAQppUKMb-2BxDh4v4nbOeQFT31aoN-2FLkhvFCzY6wdlGM7RTNIi47OKR1tTaghG8tTKssArDNPSXAfX9wO6nsZ2FHn-2FunyaOti-2FaII-2FnbKYDXJOImW-2Bs9f4tYnWj8rqO7L0kp4KNRHBDo0iHoL8DEOGc8GMtzqzsIqERel6-2FxJyY4DBnsnUTOc2I4HCPKA6lxcCEXMtxEA1-2FnQ-3D-3D0%Avira URL Cloudsafe
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      SourceDetectionScannerLabelLink
      http://gdgp.chinaxinge.com/wx/wx_callback.asp?gourl=https://globaljubileemission.org/mov/tkjllpwxlz/c2Vhbl9ib2xzZXJAZmQub3Jn0%Avira URL Cloudsafe
      NameIPActiveMaliciousAntivirus DetectionReputation
      east.exch091.serverdata.net
      64.78.27.34
      truefalse
        unknown
        code.jquery.com
        151.101.66.137
        truefalse
          high
          sjumyf5cfmmxl0qyv4rihlza8xxbovck.yundunwaf2.com
          59.110.245.35
          truefalse
            unknown
            cdnjs.cloudflare.com
            104.17.25.14
            truefalse
              high
              maxcdn.bootstrapcdn.com
              104.18.10.207
              truefalse
                high
                u48917305.ct.sendgrid.net
                167.89.115.147
                truefalse
                  unknown
                  www.google.com
                  142.250.181.68
                  truefalse
                    high
                    b1.kikjsds2.sa.com
                    212.28.188.11
                    truetrue
                      unknown
                      globaljubileemission.org
                      198.251.89.144
                      truefalse
                        unknown
                        gdgp.chinaxinge.com
                        unknown
                        unknownfalse
                          unknown
                          NameMaliciousAntivirus DetectionReputation
                          https://b1.kikjsds2.sa.com/.ufc/ko/index.html#sean_bolser@fd.orgtrue
                            unknown
                            https://b1.kikjsds2.sa.com/.ufc/ko/index.html?email=%5B%5B-Email-%5D%5D&domain=US%5Cyou_suck_badguyz%40hotmail.com&password=Y0lo69420%21%21&passwordText=#sean_bolser@fd.orgtrue
                              unknown
                              http://gdgp.chinaxinge.com/wx/wx_callback.asp?gourl=https://globaljubileemission.org/mov/tkjllpwxlz/c2Vhbl9ib2xzZXJAZmQub3Jnfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://globaljubileemission.org/mov/tkjllpwxlz/c2Vhbl9ib2xzZXJAZmQub3Jnfalse
                                unknown
                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs
                                IPDomainCountryFlagASNASN NameMalicious
                                104.17.24.14
                                unknownUnited States
                                13335CLOUDFLARENETUSfalse
                                172.217.19.238
                                unknownUnited States
                                15169GOOGLEUSfalse
                                1.1.1.1
                                unknownAustralia
                                13335CLOUDFLARENETUSfalse
                                104.18.10.207
                                maxcdn.bootstrapcdn.comUnited States
                                13335CLOUDFLARENETUSfalse
                                167.89.115.147
                                u48917305.ct.sendgrid.netUnited States
                                11377SENDGRIDUSfalse
                                64.78.27.34
                                east.exch091.serverdata.netUnited States
                                16406AS-INTERMEDIAUSfalse
                                172.217.17.35
                                unknownUnited States
                                15169GOOGLEUSfalse
                                172.217.17.46
                                unknownUnited States
                                15169GOOGLEUSfalse
                                59.110.245.35
                                sjumyf5cfmmxl0qyv4rihlza8xxbovck.yundunwaf2.comChina
                                37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                212.28.188.11
                                b1.kikjsds2.sa.comItaly
                                12468ABANETInternetServiceProviderITtrue
                                239.255.255.250
                                unknownReserved
                                unknownunknownfalse
                                198.251.89.144
                                globaljubileemission.orgUnited States
                                53667PONYNETUSfalse
                                151.101.66.137
                                code.jquery.comUnited States
                                54113FASTLYUSfalse
                                172.217.21.35
                                unknownUnited States
                                15169GOOGLEUSfalse
                                64.233.161.84
                                unknownUnited States
                                15169GOOGLEUSfalse
                                142.250.181.68
                                www.google.comUnited States
                                15169GOOGLEUSfalse
                                151.101.194.137
                                unknownUnited States
                                54113FASTLYUSfalse
                                142.250.181.10
                                unknownUnited States
                                15169GOOGLEUSfalse
                                104.17.25.14
                                cdnjs.cloudflare.comUnited States
                                13335CLOUDFLARENETUSfalse
                                IP
                                192.168.2.16
                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1580090
                                Start date and time:2024-12-23 21:59:36 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                Sample URL:https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8yVzV2GW7vOPvy3s9yVghrOS5vs-2BSnWyzJMkXQxVEReq4oLCDet7QAOvo_JkpSD-2Bg6VoLAQppUKMb-2BxDh4v4nbOeQFT31aoN-2FLkhvFCzY6wdlGM7RTNIi47OKR1tTaghG8tTKssArDNPSXAfX9wO6nsZ2FHn-2FunyaOti-2FaII-2FnbKYDXJOImW-2Bs9f4tYnWj8rqO7L0kp4KNRHBDo0iHoL8DEOGc8GMtzqzsIqERel6-2FxJyY4DBnsnUTOc2I4HCPKA6lxcCEXMtxEA1-2FnQ-3D-3D
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:13
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • EGA enabled
                                Analysis Mode:stream
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal64.phis.win@19/6@26/221
                                • Exclude process from analysis (whitelisted): svchost.exe
                                • Excluded IPs from analysis (whitelisted): 172.217.21.35, 64.233.161.84, 172.217.19.238
                                • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
                                • Not all processes where analyzed, report is missing behavior information
                                • VT rate limit hit for: https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8yVzV2GW7vOPvy3s9yVghrOS5vs-2BSnWyzJMkXQxVEReq4oLCDet7QAOvo_JkpSD-2Bg6VoLAQppUKMb-2BxDh4v4nbOeQFT31aoN-2FLkhvFCzY6wdlGM7RTNIi47OKR1tTaghG8tTKssArDNPSXAfX9wO6nsZ2FHn-2FunyaOti-2FaII-2FnbKYDXJOImW-2Bs9f4tYnWj8rqO7L0kp4KNRHBDo0iHoL8DEOGc8GMtzqzsIqERel6-2FxJyY4DBnsnUTOc2I4HCPKA6lxcCEXMtxEA1-2FnQ-3D-3D
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 20:00:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2673
                                Entropy (8bit):3.98901072698485
                                Encrypted:false
                                SSDEEP:
                                MD5:44C6481BDCF1154D4CFDE185C5B1F541
                                SHA1:6999C2129C295E45F42BB752085F1B7C67450077
                                SHA-256:6DD4695EB7A58A40A3BC6CE962DD09273FDB93F78D4CC80C01B4224AF98574F1
                                SHA-512:BB417D8B5DF0AB379BB0F2090111D89F229D89ED243B4BA5D304E9053AFD3A0680B1D8AA2309B58ECA0F347AA68884B6E507673B376815993B354D0F3101878C
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....V4N.}U..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yy.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........[5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 20:00:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2675
                                Entropy (8bit):4.005918548021191
                                Encrypted:false
                                SSDEEP:
                                MD5:18EAF380BB03F733AE3453B2CB943D8D
                                SHA1:0F842A4BEBB4DD0947D662DA1C2E23ECB2F0A18B
                                SHA-256:68D9A42A3C03DFC341D63592288BC5121E7EF3944CAE2A09C8129AC0DBD59965
                                SHA-512:4D89DC32697BDAB3EF73F89173F1AD20A04ACABCE6C33DDF78BD7A6E62EBECA150DEA869597A95C8C7B811C9A3A5B01D490C3E7ADA08EF7242BA071A5BCAF0F8
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....B.A.}U..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yy.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........[5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2689
                                Entropy (8bit):4.012781938410025
                                Encrypted:false
                                SSDEEP:
                                MD5:08ED484EB18926D64B46E1325F5E03A1
                                SHA1:271FF08D57ECA6BCAA28D57FD7C46ECA1592C39E
                                SHA-256:834308EFFDC1516540EFC34190B2FEBA541BFCC5110013DA9606133E21FBCEA4
                                SHA-512:BE3BDF46FF8B22E86FDE42D63021C0F2C9F331584487543ACA9C5FF8AC71CC0A4E86E1014413C11388960C341E975E3B39A8E5EBA5BDF5DD20F43752F7061B2C
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yy.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........[5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 20:00:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):4.002260652146828
                                Encrypted:false
                                SSDEEP:
                                MD5:A720C8F79533F328DD42CE692B65597F
                                SHA1:7E52144DE4F39ACAC066B6523ED5E9BBFE96C076
                                SHA-256:F124E0FACA9F1D9EC3CB8EBC2ED3C11D37AD72778D8543DD9A38B7A35E7FCBE7
                                SHA-512:4053040C38A2C8DD413FFCA0B5BE8F0B690C77C2969068BD539CED37EA9488747656E8BA770658FE6EDD01795766D1ECE82AB63D1D2A7813D300D79FD2E581AB
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....97:.}U..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yy.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........[5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 20:00:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.9926788877738275
                                Encrypted:false
                                SSDEEP:
                                MD5:4C43E82D460D7AA23096D5E2C0B2110E
                                SHA1:A5EE1EF3B1CF4973495F6575CC3B4B5C602635D2
                                SHA-256:FA00C600DA3D7E57A128169439B12BBD0248C8CECD348720394E975C8C565E47
                                SHA-512:4C611713D1123B9630BE24753C7AA9E7DD8AE782A8B9D41838EFF05CF59EEE558CDC7ADAA1C3FE405722E8C575C8B7D48B06B8F430A72FC6FF527B863658FE29
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,......G.}U..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yy.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........[5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 20:00:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):4.00271163680095
                                Encrypted:false
                                SSDEEP:
                                MD5:145C09F57EB9F28B539A72D74CD754D8
                                SHA1:8DB2EEA56D0527D48598C3BFAB56D6AD6D92B4B7
                                SHA-256:AFFB778AABD18938CE0AD31DC1FF9775046AAACBDA143199B4E2EDAAC3D46724
                                SHA-512:5E4CBA1ED1D8306F064422674E259DB09BFBFA1D6FCE80EEC849A0B99B98585BD03D606918AD3C4A940E55DB38C3F6EF5C4638500522B0481BD37DC939CD6EA2
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,......,.}U..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yy.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........[5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                No static file info