Edit tour

Windows Analysis Report
https://t.co/aoHJd5qL2s

Overview

General Information

Sample URL:	https://t.co/aoHJd5qL2s
Analysis ID:	1580570

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious Javascript

HTML page contains obfuscated javascript

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,12219763517422618581,17555703325936653541,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/aoHJd5qL2s" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://t.co/aoHJd5qL2s... The script demonstrates high-risk behavior by redirecting the user to an untrusted domain, which could potentially be a malicious phishing attempt. The use of `location.replace()` to forcefully redirect the user is also concerning.
Source: 0.9.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... The use of the `document.write()` function to execute dynamic code is a high-risk indicator, as it can be used to inject and execute malicious content. Additionally, the obfuscated text suggests an attempt to conceal the true purpose of the script, which is another high-risk indicator. While the context is unclear, the combination of these behaviors indicates a potentially malicious script that requires further investigation.
Source: 0.8.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... The use of `document.write()` to execute dynamic code, along with the obfuscated text, suggests the possibility of malicious intent. This behavior is considered high-risk and requires further investigation.
Source: 0.7.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... The use of the `document.write()` function to dynamically insert content is a high-risk indicator, as it can be used to execute remote or dynamic code. Additionally, the obfuscated text suggests the script may be attempting to conceal malicious intent. While the specific purpose is unclear, the combination of these behaviors warrants a high-risk score.
Source: 0.11.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... The code uses the `document.write()` function to write dynamic content to the page, which can be a high-risk indicator of malicious behavior. Additionally, the content appears to be obfuscated, which is another high-risk indicator. This combination of dynamic code execution and obfuscation suggests that the script may be attempting to execute malicious code or redirect the user to a malicious site.

HTML page contains obfuscated javascript

Source: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php	HTTP Parser: var ci = "na";/*(function(_0x3ae054,_0x4584cf){var _0x2cf52e={_0x7084af:0x8a,_0x2b4589:0x85,_0x2c
Source: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php	HTTP Parser: var view = "{skipped2}";/*function _0x250f(_0x4ce5ea,_0x2df8b0){var _0x2ddc0b=_0x2ddc();return _

Source: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php

HTTP Parser: Base64 decoded: e272619d65a85dd8c462b16b84ae77a2

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49812 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.workjamtech.com
Source: global traffic	DNS traffic detected: DNS query: t3.digitalfortress.su
Source: global traffic	DNS traffic detected: DNS query: yuri.emailsalesgalaxy.com
Source: global traffic	DNS traffic detected: DNS query: pushrev.pushbroker.com
Source: global traffic	DNS traffic detected: DNS query: pushlite.pushbroker.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49812 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@20/33@24/201

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,12219763517422618581,17555703325936653541,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/aoHJd5qL2s"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,12219763517422618581,17555703325936653541,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://t.co/aoHJd5qL2s	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
t.co	162.159.140.229	true	false	high
t3.digitalfortress.su	104.21.112.1	true	false	unknown
pushlite.pushbroker.com	104.21.1.144	true	false	high
yuri.emailsalesgalaxy.com	172.67.174.18	true	true	unknown
pushrev.pushbroker.com	104.21.1.144	true	false	high
www.google.com	172.217.21.36	true	false	high
www.workjamtech.com	192.254.71.10	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.140.229	t.co	United States	13335	CLOUDFLARENETUS	false
172.67.152.66	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.19.227	unknown	United States	15169	GOOGLEUS	false
172.217.19.238	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.17.35	unknown	United States	15169	GOOGLEUS	false
172.217.17.46	unknown	United States	15169	GOOGLEUS	false
216.58.208.227	unknown	United States	15169	GOOGLEUS	false
192.254.71.10	www.workjamtech.com	United States	64235	BIGBRAINUS	false
104.21.80.43	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.181.138	unknown	United States	15169	GOOGLEUS	false
142.250.181.106	unknown	United States	15169	GOOGLEUS	false
104.21.112.1	t3.digitalfortress.su	United States	13335	CLOUDFLARENETUS	false
104.21.1.144	pushlite.pushbroker.com	United States	13335	CLOUDFLARENETUS	false
57.150.27.161	unknown	Belgium	2686	ATGS-MMD-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.174.18	yuri.emailsalesgalaxy.com	United States	13335	CLOUDFLARENETUS	true
64.233.161.84	unknown	United States	15169	GOOGLEUS	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
172.217.19.10	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580570
Start date and time:	2024-12-25 08:52:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://t.co/aoHJd5qL2s
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@20/33@24/201

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 64.233.161.84, 172.217.17.46, 217.20.58.100, 57.150.27.161
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, blob.bl5prdstr19c.store.core.windows.net, ctldl.windowsupdate.com, clientservices.googleapis.com, vhgcfj.blob.core.windows.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://t.co/aoHJd5qL2s

LLM Input / Output

Input	Output
URL: https://t.co Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://t.co
URL: https://t.co/aoHJd5qL2s... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The script demonstrates high-risk behavior by redirecting the user to an untrusted domain, which could potentially be a malicious phishing attempt. The use of `location.replace()` to forcefully redirect the user is also concerning." }
window.opener = null; location.replace("https:\/\/vhgcfj.blob.core.windows.net\/nbjhhk\/qhsjgjhw.html")
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The use of the `document.write()` function to execute dynamic code is a high-risk indicator, as it can be used to inject and execute malicious content. Additionally, the obfuscated text suggests an attempt to conceal the true purpose of the script, which is another high-risk indicator. While the context is unclear, the combination of these behaviors indicates a potentially malicious script that requires further investigation." }
document.write(r("Ubj bsgra qb lbh syl ba Havgrq Nveyvarf?"))
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet uses the `document.write()` function, which is a legacy practice and poses a low risk. However, the content being written appears to be obfuscated, which is a moderate-risk indicator. Overall, the script exhibits some concerning behavior but does not demonstrate clear malicious intent, so it is classified as low-to-medium risk." }
document.write(r("Qb lbh hfr gur Havgrq Nveyvarf ncc ba lbhe cubar/gnoyrg?"))
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This JavaScript snippet appears to be a simple date formatting script with no high-risk indicators. It retrieves the current date and time, formats the day, month, and year, and writes the formatted date to the document. This is a common and benign use of JavaScript, and there are no signs of malicious behavior." }
var mydate=new Date() mydate.setDate(mydate.getDate()); var year=mydate.getYear() if (year < 1000) year+=1900 var day=mydate.getDay() var month=mydate.getMonth() var daym=mydate.getDate() if (daym<10) daym="0"+daym var dayarray=new Array("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday") var montharray=new Array("January","February","March","April","May","June","July","August","September","October","November","December") document.write(""+montharray[month]+" "+daym+", "+year+"")
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The use of `document.write()` to execute dynamic code, along with the obfuscated text, suggests the possibility of malicious intent. This behavior is considered high-risk and requires further investigation." }
document.write(r("Qbrf gur cbffvovyvgl bs rneavat ZvyrntrCyhf zvyrf rapbhentr lbh gb geniry zber serdhragyl?"))
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The use of `document.write()` is considered a low-risk indicator, as it can be used for legitimate purposes such as dynamically generating content. However, the lack of context around the `r()` function call raises a minor concern, as it could potentially be used for dynamic code execution if the `r()` function is not properly implemented. Overall, this script exhibits some potentially risky behavior, but without further information, it is likely a low-risk scenario." }
document.write(r(""))
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple data structure containing product information, with no high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The script seems to be used for a legitimate e-commerce or product display purpose, and there are no signs of malicious intent." }
var symbol="$"; var wall_json=[["Smart Watch\u00a9 + Heart & Steps!","<p><ul><li>Durable, modern design with multipurpose functionality<\/li><li>Instant notifications straight from your phone<\/li><li>Powerful, long-lasting battery<\/li><\/ul><\/p>","$79.99","$0.00 - Pay Only S&H","$7.99","6","https:\/\/clipresource.com\/nas-prod\/c_af72a9ef-05a9-4b58-a805-3ffd753c9153_1683910271.jpg","https:\/\/techstrendsstores.com\/5fcbb34a-47dd-4ff2-bd51-9b9a171708e7?offerId=af72a9ef-05a9-4b58-a805-3ffd753c9153\|b63ba162-1cf5-4692-a113-cf0c4b7554f1\|\|\|&c=%7C437&k=&v=&s=1814&t=&cr=1847&src=&lp=&id=w51k4d16pil817i6377ht3lk&chki=ZTI3MjYxOWQ2NWE4NWRkOGM0NjJiMTZiODRhZTc3YTI=","A","A","","-","us-srv-smartwatch","https:\/\/insightsandmarkets.com\/i\/af72a9ef-05a9-4b58-a805-3ffd753c9153\/b63ba162-1cf5-4692-a113-cf0c4b7554f1"],["Portable Vacuum","Cordless Design & Easy Storage - Wireless vacuum design will free your movement when cleaning the corner of home, car or office. You can place this portable vacuum cleaner in any storage space. Start a pleasant journey with a Mini Vacuum handheld vacuum cleaner cordless.","$139.95","$0.00 - Pay Only S&H","$7.95","3","https:\/\/clipresource.com\/nas-prod\/c_undefined_1661551019.jpg","https:\/\/techstrendsstores.com\/5fcbb34a-47dd-4ff2-bd51-9b9a171708e7?offerId=1a60f7c6-a62c-4f4f-bf3c-6260f681b77d\|b94d6b8a-c19c-4b0b-994b-8a44213d3140\|\|\|&c=%7C437&k=&v=&s=1814&t=&cr=1847&src=&lp=&id=w51k4d16pil817i6377ht3lk&chki=ZTI3MjYxOWQ2NWE4NWRkOGM0NjJiMTZiODRhZTc3YTI=","A","A","","-","us-srv-portableminivacuum","https:\/\/insightsandmarkets.com\/i\/1a60f7c6-a62c-4f4f-bf3c-6260f681b77d\/b94d6b8a-c19c-4b0b-994b-8a44213d3140"],["Camera Wireless Doorbell","Syncs to your mobile phone with a Simple application that is up and running in minutes. - Just like a Video call with high definition camera and sound - Equiped Motion Detection that instantly alerts phone - Night vision","$149.95","$0.00 - Pay Only S&H","$7.95","3","https:\/\/clipresource.com\/nas-prod\/c_6067824c-691b-457e-9383-c156cce806fa_1670250183.jpg","https:\/\/techstrendsstores.com\/5fcbb34a-47dd-4ff2-bd51-9b9a171708e7?offerId=6067824c-691b-457e-9383-c156cce806fa\|3c3490cf-084c-46dd-bf92-12e24a1e4e7f\|\|\|&c=%7C437&k=&v=&s=1814&t=&cr=1847&src=&lp=&id=w51k4d16pil817i6377ht3lk&chki=ZTI3MjYxOWQ2NWE4NWRkOGM0NjJiMTZiODRhZTc3YTI=","A","A","","-","us-srv-smartvideodoorbell","https:\/\/insightsandmarkets.com\/i\/6067824c-691b-457e-9383-c156cce806fa\/3c3490cf-084c-46dd-bf92-12e24a1e4e7f"],["Dash-Cam with Night-Vision + Motion Detection and Built-In LCD","<ul><li>1080P Full HD and 120\u00b0 Wide Viewing Angle<\/li><li>Protect Yourself with Accurate Record of Accidents & Vandalism for Insurance Companies & Law Enforcement<\/li><li>Motion Sensor, Night Vision & Integrated Microphone Make This the Best Dashcam on the Market!<\/li><\/ul>","$119.99","$0.00 - Pay Only S&H","$4.95","4","https:\/\/clipresource.com\/nas-prod\/c_8cfd103b-74fa-4fad-a1d2-ff4d0036298c_1684171824.jpg","https:\/\/techstrendsstores.com\/5fcbb34a-47dd-4ff2-bd51-9b9a171708e7?offerId=8cfd103b-74fa-4fad-a1d2-ff4d0036298c\|e688552c-754c-411e-87d0-233949a61efa\|\|\|&c=%7C437&k=&v=&s=1814&t=&cr=1847&src=&lp=&id=w51k4d16pil817i6377ht3lk&chki=ZTI3MjYxOWQ2NWE4NWRkOGM0NjJiMTZiODRhZTc3YTI=","A","A","","-","us-srv-dashcam","https:\/\/insightsandmarkets.com\/i\/8cfd103b-74fa-4fad-a1d2-ff4d0036298c\/e688552c-754c-411e-87d0-233949a61efa"],["Robot Vacuum Cleaner. Totally autonomous. Cleans your entire house!","Maintenance-Free Vacuum. Pet-friendly. Silent and Efficient!","$49.95","$0.00","$7.95","4","https:\/\/clipresource.com\/nas-prod\/c_22cb510a-0d9d-4d11-a06b-1f40abd2a729_1684171780.jpg","https:\/\/techstrendsstores.com\/5fcbb34a-47dd-4ff2-bd51-9b9a171708e7?offerId=22cb510a-0d9d-4d11-a06b-1f40abd2a729\|7cffada0-5eb6-4499-8e5e-e0866d5127be\|\|\|&c=%7C437&k=&v=&s=1814&t=&cr=1847&src=&lp=&id=w51k4d16pil817i6377ht3lk&chki=ZTI3MjYxOWQ2NWE4NWRkOGM0NjJiMTZiODRhZTc3YTI=","A","A","","-","us-srv-robovacuum","https:\/\/insightsandma
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The use of the `document.write()` function to dynamically insert content is a high-risk indicator, as it can be used to execute remote or dynamic code. Additionally, the obfuscated text suggests the script may be attempting to conceal malicious intent. While the specific purpose is unclear, the combination of these behaviors warrants a high-risk score." }
document.write(r("Ner lbh n Havgrq Nveyvarf Perqvg Pneq pnequbyqre?"))
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet uses the `document.write()` function, which can be used to dynamically inject content into the web page. However, the content being written appears to be obfuscated, which is a low-risk indicator. Without further context, this script is likely performing some benign task, such as decoding a message or displaying content. The overall risk is low, but the use of obfuscation warrants further investigation." }
document.write(r("Havgrq Nveyvarf"))
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "The code uses the `document.write()` function to write dynamic content to the page, which can be a high-risk indicator of malicious behavior. Additionally, the content appears to be obfuscated, which is another high-risk indicator. This combination of dynamic code execution and obfuscation suggests that the script may be attempting to execute malicious code or redirect the user to a malicious site." }
document.write(r("Unir lbh gnxra n syvtug va gur ynfg gjb jrrxf?"))
URL: https://yuri.emailsalesgalaxy.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://yuri.emailsalesgalaxy.com
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Complete the short survey about United Airlines to select your exclusive offer of up to $100 cash value.", "prominent_button_name": "ACCEPT", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Yes", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php Model: Joe Sandbox AI	{ "brands": [ "United Airlines" ] }
	{ "brands": [ "United Airlines" ] }
URL: https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php Model: Joe Sandbox AI	{ "brands": [ "United Airlines" ] }
	{ "brands": [ "United Airlines" ] }
URL: https://windows.net Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://windows.net

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 25 06:52:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.988303866137976
Encrypted:	false
SSDEEP:
MD5:	23F3FA30FA4249C8A1FF5BBCA0E5F98A
SHA1:	858E431CC98B05383AA8D363CE75FB221F18A04B
SHA-256:	C6DCC13169C95AD757A73116D602A00B7F2DC9BADB0676F784E0E5B146B23CDB
SHA-512:	DD9B082BF6E9EC5347F51B3D92781B93384C949EF198F1E11ABF31A51983077049690CC0C30F4A06226FFA1D3D3ADBD5124B22AD3D2F0F54C367CE2F81247097
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....>....V..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 25 06:52:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0074602282095375
Encrypted:	false
SSDEEP:
MD5:	E6C4BFC3976BCB0E1C5F1009D5236930
SHA1:	B858091CB022F0EEB50FC7C24AA8DD4980741C19
SHA-256:	ED5F4A547E0548CE8FB1B3D238933E7CEBD51709B585C0CAAAD01E042EEBAB29
SHA-512:	6D60D90BD9F131E5A3FED3836CFBA82CFF0DF5BA4D85A69B2EF0BDB4B722F7BEB45FF3ECD2802E3F006A5390CFAD4AB32B9BD63C990E8AAD8705F5D2C743B8DE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........V..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.014363477525476
Encrypted:	false
SSDEEP:
MD5:	2DF24EE739A00428C2EB3DD32A538758
SHA1:	EE19CD1CE5338767FC5598583A4D5175116927D8
SHA-256:	B155D00D85CEA824D6546A95591372C8D6C9C6B9221ACDBEF91E9E132156C857
SHA-512:	1F8A61BC17F0A6D70F6BC76AF16A1FA5BCE571C06D1B469E5137647767EB5356DBEFD16B9E4E2D76EB12EDC07F413810CBF4E1AB753EA7537C0741CB7CE13C89
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 25 06:52:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.004025216587767
Encrypted:	false
SSDEEP:
MD5:	A480468A63FE2C1D760609AA3F790EF1
SHA1:	D8DADB933C78FCAB186F0D6BA4131E809D445EEA
SHA-256:	56ED344D47FC4D3A69C991F15FF5DE772ED3EAE6AB294D6F29A5D275BFFB4640
SHA-512:	578BDB35AF79E1527D18446B97509C86F3ABC4262358D6AEDEAE8BCE319DA7FFA3E3442F9311DA6473E7B5DA21DAFCCF98B6B17717EF2FE6483C171BF108719C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....K...V..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 25 06:52:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.99110730417599
Encrypted:	false
SSDEEP:
MD5:	AA837BF97A66C57AA32753B3F53319F6
SHA1:	EC6FE1FAC5BD58A59C7C69AE4EBD79F6BEFA7566
SHA-256:	AF9F03C555E1BE515EB0D7810E11142A4AEA0769C2F4CAF1F6BE961AB4B1A718
SHA-512:	91A7884CE8C406A116B2A9E57B2F099300C49F1CD26E55F1C67AFB042A337DD167B02B7B7D57B03411E0084D143AB8888ACCD42C6936B517C92F659969372923
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....x....V..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 25 06:52:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9985381693397826
Encrypted:	false
SSDEEP:
MD5:	2B944ADAC022043A416BDB8DE4F64394
SHA1:	76E6195A7E71F3B69D75E7ECCA1CA7E1330897BC
SHA-256:	FD326893D950E32B1580F0008BFA226C66759313FDA60FE44555644030C64E8D
SHA-512:	D9B49D67D7D58C3DBB8213BF2D1A3BFEE3B6683A040F4E1B8E6D3CA592397E719BF1ABEA56DA4CBCECE386AA3043B94353A23F54FC3E306011396C50C8EFDA43
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....M....V..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	42
Entropy (8bit):	4.403989446485262
Encrypted:	false
SSDEEP:
MD5:	E901EF36FE4322981D42AD6BA305EC1B
SHA1:	66A8A5FBC507B0D257ED969C0D880C226FBEE7D0
SHA-256:	7E89417A4D783306A36D217F13DDDFF662F2CC5DA57A995877961E85446A96F1
SHA-512:	0B1C0B9E94A34D8242BAF9A6ABBB9D9333641452AEE5B85BD4FEF582F2AB31C08976EF86E82960146D835CC0828F9B9462E77405083199AFACF20DFF5D7ACEDD
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/manifest.json
Preview:	{ .. "gcm_sender_id": "325377692881"..}

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, Unicode text, UTF-8 text, with very long lines (1547), with CRLF line terminators
Category:	downloaded
Size (bytes):	14309
Entropy (8bit):	5.388844465018709
Encrypted:	false
SSDEEP:
MD5:	F0D528EBFF82371AE76F02BB0048C610
SHA1:	CA9D6E831AB955C730E74815D6D4B242CA5E8323
SHA-256:	7C50DDCC17E0CC11BA25E7DB7CFDD80BF0FC925168B5A05485F5633182E16B78
SHA-512:	78333505FD80B14C5D9C73D155DB8F226CC5FA516776650261D60D55195C13A2C44DB7F59F2AE0AC98A4AF4D912E0BE53828DA99746799A0C493CE37724A213D
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/assets/js/scripts-w14-t-f-qc-v2-fst-ri.js?v=5.42&cc=us
Preview:	if (typeof symbol == "undefined") {...var symbol = "$";..}....var x = new Date();..var x1 = x;..function findGetParameter(parameterName) {.. var result = null,.. tmp = [];.. var items = location.search.substr(1).split("&");.. for (var index = 0; index < items.length; index++) {.. tmp = items[index].split("=");.. if (tmp[0] === parameterName) result = decodeURIComponent(tmp[1]);.. }.. return result;..}....function trkclk() {...var iframe = document.createElement('iframe');...iframe.src = "https://" + oho + "/click/1";...iframe.height = 0;...iframe.width = 0;...iframe.style.visibility = 'hidden';...iframe.style.display = 'none';...document.body.appendChild(iframe);..}....function loadWall () {...var countDownDateAjax;...var endDateAjax = Array(); ...var currentTimeAjax;......trkclk();......if (typeof gtag != 'undefined') {....var script_tag = document.createElement('script');....script_tag.type = 'text/javascript';....script_tag.text = gtag;....documen

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1180), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1233
Entropy (8bit):	5.554754890514694
Encrypted:	false
SSDEEP:
MD5:	B992FD95F789622FF7303C8F5C72A966
SHA1:	F2346813E5937EF81F2142AA853FF5523683BCBA
SHA-256:	EB31503891973182467742BD11BE208B02B07B19D0CE9B1216A35CC6E7BE78DB
SHA-512:	FE0BF700760F27B60DEA8927D9D9E7CA2374A767621C612BE5D9DEC058DB40F9E0F647B6187F4E0EFF4E0EA85179078D2AC25DC5508480612C490AF4BDE2B384
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/hevama/zunejoye/buni/ta/index.php
Preview:	.<script>...var _0x45a3=['href','310326TemamY','$1//$2','3789jqLAjI','201260CufYBR','includes','location','624856ogdMrz','28pRWhXX','10734yvtFqz','352RuMMpQ','1339PvpRAh','392868PctkdY','indexOf','596BmZxvY'];var _0x5ce7=function(_0x34bb17,_0x37718d){_0x34bb17=_0x34bb17-0x1b8;var _0x45a37a=_0x45a3[_0x34bb17];return _0x45a37a;};var _0x3c82e1=_0x5ce7;(function(_0x4279be,_0x4a014c){var _0x2ec4e6=_0x5ce7;while(!![]){try{var _0xe2f92d=-parseInt(_0x2ec4e6(0x1c4))+parseInt(_0x2ec4e6(0x1c2))-parseInt(_0x2ec4e6(0x1bf))+-parseInt(_0x2ec4e6(0x1c0))+parseInt(_0x2ec4e6(0x1bc))parseInt(_0x2ec4e6(0x1bd))+parseInt(_0x2ec4e6(0x1bb))+-parseInt(_0x2ec4e6(0x1b8))+parseInt(_0x2ec4e6(0x1c6))*parseInt(_0x2ec4e6(0x1be));if(_0xe2f92d===_0x4a014c)break;else _0x4279be['push'](_0x4279be['shift']());}catch(_0x1227cb){_0x4279be['push'](_0x4279be['shift']());}}}(_0x45a3,0x87e5e));var params='';params!=''&&(window[_0x3c82e1(0x1ba)][_0x3c82e1(0x1c3)][_0x3c82e1(0x1c1)]('?')<0x0?params='?'+params:params='&'+params);

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4691
Entropy (8bit):	5.311566373046435
Encrypted:	false
SSDEEP:
MD5:	9191BADC7983A55196D779CD021B310C
SHA1:	FC305042368CD8583290C0E4C7BE37196995E2D4
SHA-256:	33A00E07B984828565D7BE25680F7BB1EA66CB616D8F24AF23E888C4CA52B2E8
SHA-512:	AE47791E63292269154CB5E249DC7552898269BA5A56DF8D4F0170D04294B7E5A7C7FB7A08610F7D1EB292C0DBB790C4AF9B1CF5AF4F22F9F85EEE47F233EA1C
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.googleapis.com/css?family=Lato:400,400italic,700,700italic,900,900italic"
Preview:	/* latin-ext /.@font-face {. font-family: 'Lato';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAUi-qJCY.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Lato';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'Lato';. font-style: italic;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI5wq_FQft1dw.woff2) format('woff2');. unicode-range: U+0100-02B

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 500 x 500, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11549
Entropy (8bit):	7.940863053944669
Encrypted:	false
SSDEEP:
MD5:	F847A91C266B53CB131F1BBB4649DFAC
SHA1:	5402AA89A6A0E59B0FC8A7E1B5322519AFB8D8DE
SHA-256:	F8244DE47F1EF911CA15B059C5F3914CA8B77341F379A867833CDAE4D97E7E9E
SHA-512:	E94F17BF5769CAF7E5C43FDDFA79D973F86CFE22DF54B4BEBDE909E9C0D88BBDF9B5FD4DC125010C5F4ADBD94763B5A243DC6D568B62D95260113B51EEDBB711
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............../.....PLTE..../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.Y.....5tRNS..Z....4p:..g......Jm.\|, w$C..O?1..^......&..T.c....[~...+.IDATx...1..0......L..Z-t.K,d......................}..5..s.^#H..t..I...$=Hz.. .A...I...$=Hz....v.......!.x..V..x.^........1@.g;......u.kHBj....}....G..)...;.1...D....4J[.....}..?....-.5'....X...S-...1.._. Ig.hz..o....e.U.j....-.G...M...".m..1..LQ..D.d.B"J.R..;...\..sT...n..r.....A4.$.2...v.../Y..y.......7L....-DY.6=\....x...a.tPZ..@.dy.....x..4.c..I...H..92.D.Ci.,...vs...Dw..5-.V J.........6.._..k@...;Frc.9E....}6A.A.[T>...../......tyW$z.hNf..Y0E...h..Y?2....[.nt.M...f.%......~.V/../72.S9.;."...W..4.}..@j../N.@9.....#.+..QS.:...R...u`C9..&u.D.5Mk3.E...N.}...F..O.=(7\|.S$zf............sXT.E.<.j..\|"........asT&....z.o...W.@....<(..qvU.........(o;....sm.*..5.ht..6...8c....R..l..P.0.%...

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3
Category:	downloaded
Size (bytes):	1212
Entropy (8bit):	7.487393417354084
Encrypted:	false
SSDEEP:
MD5:	0B91B284D880829BC882F96C1EB2F21C
SHA1:	06DD26BCBDE4B7A8981091D028A5664238CEC671
SHA-256:	2AC98DE861AAE4984B0D4A2EAAF03525B8A230F6645598D7951AD970EB35193A
SHA-512:	5F15C31A043F9AAB7404E161380176246372EA5BFE1D7F02A40D0355D8436A5AA559E4A47AA1FED664CCE3AEC6E84C297566655EE8DF989A2A915A02685B91F5
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/people/2.jpg
Preview:	......Exif..II.................Ducky..............Adobe.d...............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......2.2.."................................................................................!1..AQa"2.q.3....Br....RCS4D5.....................!1Q..A.q."2BRr.3.............?.W.....4.....20.g....CDN.1.Q[.N.o.Tp.G.# =..s..+......G\OJ.y[.}.~4.1.......6..#.....s..l/.4....,.hK..p..?..6W/..OTL.v.!..1..^Lw\..s..V.3,.. 9.k....3......R...m..dc.n8.G_..c.Xr.K\|..B.H.5..v...Y..S..?.G~.........s.^E{..-....3..5ee.YJ.kV...Z..g\(.....o...EO.........pe....#.e.c..y.w%..V'..t.i\|......+.&.U!.A........R.r..0.Jq..A.9R..............`........Z..^J..%V,.s.....5s..%...F...\|.!. @....1..[.Z?.n.6.S..+.....G..=z"......U...2.)#..$....ku..)(..k..Q..U&.Q /.x.<....ta.y.#.c.....b..b2-U.)......~'...U..l..........jc.8.C..B...J..;3.SN*..<1..S]\}.M0W.B.t..1.\{..D..p..og.a.........W....2..N=...I#x=$P.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65371)
Category:	downloaded
Size (bytes):	121260
Entropy (8bit):	5.0979844613521985
Encrypted:	false
SSDEEP:
MD5:	2F624089C65F12185E79925BC5A7FC42
SHA1:	8EB176C70B9CFA6871B76D6DC98FB526E7E9B3DE
SHA-256:	EECE6E0C65B7007AB0EB1B4998D36DAFE381449525824349128EFC3F86F4C91C
SHA-512:	9CDA3EC821C4CA7D2C98CC52B309DFFCE9D7EBF2B026E65394D6418DAB8A8532B473ECD3FAAE49382C7450585743AAC947D8E0E84B3C80FB83DAE65C6032EA4B
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/assets/bootstrap/dist/css/bootstrap.min.css
Preview:	/!. Bootstrap v3.3.6 (http://getbootstrap.com). * Copyright 2011-2015 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	22382
Entropy (8bit):	1.7993121781592736
Encrypted:	false
SSDEEP:
MD5:	891E510219786F543CA998282ED99F45
SHA1:	19FE2FF6A2418BCB44B02308B998CEF84199EE08
SHA-256:	E4BDF72E2F803F7E19907C12F407AC7F7CD5F1F94BFD730B9BE24B0D49191B48
SHA-512:	E6729E7E1ED1909297317E249ADB7AF6C230B2A7082EA792C7776FA5037C8ED8AAF02BCC4015334B6C439732F965CE19291FFE863126D0C20BED9A0C89C4A95B
Malicious:	false
Reputation:	unknown
Preview:	............ .h...6... .... .........@@.... .(B..F...(....... ..... ................................................................................................................................................................................X.......J......."...........................................V..............................................................................................X......................................................................................................................................................................................................................................................................................................................]...........................U.......................................4...........................v...........2...t.........................................................H...9...................................................................c..............................

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3
Category:	dropped
Size (bytes):	1005
Entropy (8bit):	7.267653088789914
Encrypted:	false
SSDEEP:
MD5:	C954BA990F4D77FE70114200E3A1AA32
SHA1:	D78628EA691AE21EE498A0182920A98BB8E64E51
SHA-256:	E4475CABE931A1F71DEEA2DB0509054D4261AF226673C9450F0085B82D6D123F
SHA-512:	6398C81C51142F41D02EDB198322F1C5163F9CD6DE3BEA2B993322E8CB860AB22842D4437C62BA94EFC3FF6FC012BF8448F78E735BD7E7F60C3FC4D51FC6B638
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II.................Ducky..............Adobe.d...............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......2.2..".................................................................................!1..AQa"2.q.R.3..Bb..4.....rS.DT.....................!1Qa..Aq2r."R#3.............?.a.e.X..[V....c..+.e...2..Y..o>_.CZK\..m.B.6.B...\........L.'M..........58..'..3>.n....5..lY894.A-.UFJ..;-0.w..X....EIx......Rl.k....0..gB....G..@N......3...{]@~.?......U....5.^.a%+K..>aA...@.r..l.......Z.j..)./k{..=...E.v.lL..o....;.2.E4&.-d.....aq#.u.Q`s...\..Y]V.k@...bU.b2.E#^.......y.R.._.\|...i}:..5...cs.f.6....f#.w...1....tW.3...,j.;.q.i...S.......vO.c..xG.j...k.d......3.H....,u...A....$..E.....K..3B....?......P..XJ.V...r...h.V.%,...\..>I............I.A.!...a(.....Q..'.'.E1.1$p.......X.5...6...j.._C=.-./.._T........B.._..........3/9W.7...c..~...B...w2...bK../..I.\|......}k..\e.......K..

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32031)
Category:	downloaded
Size (bytes):	37544
Entropy (8bit):	5.7831965742373095
Encrypted:	false
SSDEEP:
MD5:	D56A1947AE3583E101D46A86CD20560F
SHA1:	8E7EA02D82BBD0F03D91C6194666B557CC019F16
SHA-256:	CDFA9A147AE8D8357855515BAB5291B8C9342EEED9D638B47103C19D9D9AAF36
SHA-512:	CACF202E369ACBD5B063BEFC74CFE7E37AC3A1F9FC285867E77C543FCF53A19C05586A8CED8A33C4192F872E7DD26C7E6D9B2C21CF24DB1D1E9C9AD1EFF0CB82
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/assets/js/mobile-detect.js-master/mobile-detect.min.js
Preview:	/!@license Copyright 2013, Heinrich Goebl, License: MIT, see https://github.com/hgoebl/mobile-detect.js/.!function(a,b){a(function(){"use strict";function a(a,b){return null!=a&&null!=b&&a.toLowerCase()===b.toLowerCase()}function c(a,b){var c,d,e=a.length;if(!e\|\|!b)return!1;for(c=b.toLowerCase(),d=0;d<e;++d)if(c===a[d].toLowerCase())return!0;return!1}function d(a){for(var b in a)h.call(a,b)&&(a[b]=new RegExp(a[b],"i"))}function e(a,b){this.ua=a\|\|"",this._cache={},this.maxPhoneWidth=b\|\|600}var f={};f.mobileDetectRules={phones:{iPhone:"\\biPhone\\b\|\\biPod\\b",BlackBerry:"BlackBerry\|\\bBB10\\b\|rim[0-9]+",HTC:"HTC\|HTC.(Sensation\|Evo\|Vision\|Explorer\|6800\|8100\|8900\|A7272\|S510e\|C110e\|Legend\|Desire\|T8282)\|APX515CKT\|Qtek9090\|APA9292KT\|HD_mini\|Sensation.Z710e\|PG86100\|Z715e\|Desire.(A8181\|HD)\|ADR6200\|ADR6400L\|ADR6425\|001HT\|Inspire 4G\|Android.\\bEVO\\b\|T-Mobile G1\|Z520m",Nexus:"Nexus One\|Nexus S\|Galaxy.Nexus\|Android.Nexus.Mobile\|Nexus 4\|Nexus 5\|Nexus 6",Dell:"Dell.Streak\|Dell.*Aero\|Dell.

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	175
Entropy (8bit):	5.12772588218902
Encrypted:	false
SSDEEP:
MD5:	6BEEAE540BCBBE89280E71428BF3FB6C
SHA1:	7EDE1E8311CC71F14FCAA97D727EED4F81F48D01
SHA-256:	1B771238D51EAB9AF01EA9D268F82F935D1CC86CA133D9F8F1E506DAE05B7D8D
SHA-512:	84D7A1DD9C438AC80B1776405D0EC896CB4A868373FA75ED45CD1E7061F92EA604C492ED9F718BA4187B93A98C81D61D8D9934FDD3914A24F85D4C27BCF001BF
Malicious:	false
Reputation:	unknown
URL:	https://vhgcfj.blob.core.windows.net/nbjhhk/qhsjgjhw.html
Preview:	<html>.<head>.<title>Redirection en HTML</title>. .<meta http-equiv="refresh" content="0; URL=https://www.workjamtech.com/3ZSTW5S/XN48XM1/">.</head>. .<body>.</body>. .</html>

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1977), with CRLF line terminators
Category:	downloaded
Size (bytes):	29241
Entropy (8bit):	5.329339161343714
Encrypted:	false
SSDEEP:
MD5:	2A5FC364EB609EB776FC6E380D49DEE0
SHA1:	3719D3CE393A39C67B2095C074531445026ACBFC
SHA-256:	79BFB0E9785FD689591F30D35F9AFAFCC81F8C2A77E6D831BE8C7C6EE6DE872C
SHA-512:	7A3520933501C83D312A1D39D7B80F8523CE51552934D51F4BBC8671B41244CF8A8570CFB37931A21998651B6DDEACB39998960BE35730A48B2810136579FC34
Malicious:	false
Reputation:	unknown
URL:	https://pushrev.pushbroker.com/javascripts/trackpush-v2-cm.js
Preview:	function _TRKPushDeferred() {.. this._done = [], this._fail = []..}....function getUrlVars() {.. var a = {};.. window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(b, c, d) {.. a[c] = d.. });.. return a..}....function urlBase64ToUint8Array(base64String) {.. const padding = '='.repeat((4 - base64String.length % 4) % 4);.. const base64 = (base64String + padding).. .replace(/\-/g, '+').. .replace(/_/g, '/').. ;.. const rawData = window.atob(base64);.. return Uint8Array.from([...rawData].map((char) => char.charCodeAt(0)));..}....function _TRKPushGetDeviceType() {.. var a = 1,.. b = "desktop";.. return function(b) {.. (/(android\|bb\d+\|meego).+mobile\|avantgo\|bada\/\|blackberry\|blazer\|compal\|elaine\|fennec\|hiptop\|iemobile\|ip(hone\|od)\|iris\|kindle\|lge \|maemo\|midp\|mmp\|mobile.+firefox\|netfront\|opera m(ob\|in)i\|palm( os)?\|phone\|p(ixi\|re)\/\|plucker\|pocket\|psp\|series(4\|6)0\|symbian\|treo\|up\.(browser\|link)\|vodafone\|wap\|windows ce\|xda\|xiino/

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	82
Entropy (8bit):	4.497753303837379
Encrypted:	false
SSDEEP:
MD5:	0228ED5CD654633E668CDFB60F9C6AC7
SHA1:	12A532472F9D61AAA02679961155BB533434C073
SHA-256:	A0B32B3DA027CBD4CAC05797D9C7CFF4174CDDDD9F0CD314B7875420578E4748
SHA-512:	A9768944C5765319955B6327A22AF0A63EBC656CCB078C29E7021210852E1BFB3AAF9B148BABEBA80ACE33BD62F2E9FCFEBCE7329390803B91BFFF4BAF792382
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/service_worker.js
Preview:	importScripts('https://pushlite.pushbroker.com/javascripts/service_worker.js?v1');

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (327), with no line terminators
Category:	downloaded
Size (bytes):	327
Entropy (8bit):	4.915804590086596
Encrypted:	false
SSDEEP:
MD5:	5D0AF6684FA79C46194DD9B0B593B768
SHA1:	519676289B9503A92FF52405D8C8BD35DB58E13B
SHA-256:	BF089FB1A65C58BF09F84FA516C3E68A53031684C85533DAAAE630EB3489072E
SHA-512:	BC72650CBE73B766AD864308D31224F44F5D05DE08DCCABBD3D1DAB3DC0DBE0E65563BC082E11F85E5E545D896944B7B89157EA66EA2090D9E005A654A1D460C
Malicious:	false
Reputation:	unknown
URL:	https://t.co/aoHJd5qL2s
Preview:	<head><noscript><META http-equiv="refresh" content="0;URL=https://vhgcfj.blob.core.windows.net/nbjhhk/qhsjgjhw.html"></noscript><title>https://vhgcfj.blob.core.windows.net/nbjhhk/qhsjgjhw.html</title></head><script>window.opener = null; location.replace("https:\/\/vhgcfj.blob.core.windows.net\/nbjhhk\/qhsjgjhw.html")</script>

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32024)
Category:	dropped
Size (bytes):	34573
Entropy (8bit):	5.5451808678577414
Encrypted:	false
SSDEEP:
MD5:	91FF20592A1B1AEBFC39C073360EF584
SHA1:	70208111CC5E63E92A1EE1CC2D640A07DDF758E4
SHA-256:	13774735C1ED030C52D47A268B2A2D1BC16BE14CC433C61FCFC6EE1F81A4E96E
SHA-512:	08013DBB3BB97EE37D0167AEBB4BDE4CE7C4700156FBD479A1E03252FBE2B601F92C0A18B7728D9EFE498D0E9E59F64A481B31E3B815233A42A81B02FB2CD520
Malicious:	false
Reputation:	unknown
Preview:	!function(e,t,i){"use strict";"function"==typeof define&&define.amd?define(i):"undefined"!=typeof module&&module.exports?module.exports=i():t.exports?t.exports=i():t[e]=i()}("Fingerprint2",this,function(){"use strict";Array.prototype.indexOf\|\|(Array.prototype.indexOf=function(e,t){var i;if(null==this)throw new TypeError("'this' is null or undefined");var a=Object(this),r=a.length>>>0;if(0===r)return-1;var n=+t\|\|0;if(Math.abs(n)===1/0&&(n=0),n>=r)return-1;for(i=Math.max(n>=0?n:r-Math.abs(n),0);i<r;){if(i in a&&a[i]===e)return i;i++}return-1});var e=function(t){if(!(this instanceof e))return new e(t);var i={swfContainerId:"fingerprintjs2",swfPath:"flash/compiled/FontList.swf",detectScreenOrientation:!0,sortPluginsFor:[/palemoon/i],userDefinedFonts:[]};this.options=this.extend(t,i),this.nativeForEach=Array.prototype.forEach,this.nativeMap=Array.prototype.map};return e.prototype={extend:function(e,t){if(null==e)return t;for(var i in e)null!=e[i]&&t[i]!==e[i]&&(t[i]=e[i]);return t},log:func

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3
Category:	dropped
Size (bytes):	936
Entropy (8bit):	7.243288128343521
Encrypted:	false
SSDEEP:
MD5:	3FD556959987D7B090E8AE4C7C8E07F5
SHA1:	EFAB3432C13DB50F9001E8A2C9FED57292B7710A
SHA-256:	D7532D53E07DE8CD28C1A4D98E284DF714255EC21C86D6756FE9261EC30691CF
SHA-512:	241D2BFEFF38BAAD17BA96124AF453E0D3BA0B402F7C567C589D227F71A30863FC2B4BB5A2F3A4871FC589E95870D2308F0A8926D09ECA9E1FAD0BCB1928FAE7
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II.................Ducky..............Adobe.d...............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......2.2.."................................................................................!.1.A.Qq.2.3a..."B..Rbr.#CS4.......................1A.!q"3.a............?.e.8...h...s.[7.I.>.,k[...U.Y,ty.b8.\|\..dJ.....".<J..........V~:..=..uk.....J..6.-.T.0M+.....M....0i..nOG..\..,....vs$.....E.".}."d...;... .....kS$)B.=.%....s\|Yf..w....)^.O$]tb..L.I}.?`.Yi\Y..$.9F...I..-.......y.9..._CE.9.+........{R..........)..j...X.5........K.D.h.#......D.X..B..Ds.........]8o.e.....P..+.-y2d\|Mm.....L.!......c.KA.u.:......\..Z..#<...@Z.;.(...1.u.!..L.L2........8..W..u...ihc.F..C[W..../R.%...c.k....X.[&I......O3........G..?.J...7.,.x."..%~........=G/..<zw......t.g]u(B...v'....&.}...>.!Ql#.......<...t.W..pB...P..[..!g...

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 465 x 233, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	74840
Entropy (8bit):	7.987973389312117
Encrypted:	false
SSDEEP:
MD5:	CD17318450CB0CADDD643FDE9A85B93E
SHA1:	8DADC6EF4981F47C60B6FD36E4B78FFFD0BC9DB6
SHA-256:	F9D2B2ED6891AC2766030456DCC0E39EE7EF2C91DAAC53728A0FF3C6D71F26B8
SHA-512:	9F785849D135B71885713A87B6D0D29C0FCE7AAA33A155F53C8E507C0E72A88DE2554F33CE2FB50146717ED37166E2A72F403C1974D7BF007ADEB7F14CF3FFB7
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/assets/images/United-Banner.png
Preview:	.PNG........IHDR.............{......DiCCPICC Profile..H...wT......l/.]."e.....H.&....KY.e..7D."...V$(b.h(.+.X......"J.F........;'..N..w>.}..w......(.!.a...@.P"...f..'0...D..6.p....(.h..@_63.u.._....-.Z..[..3.....C.+.K.....;.?..r!.Y...L.D...)c.#c1. .2N.....\|bO..<.G.....q....\|........\|.o...%.....ez6.....".%\|n:..(S..l...@..}.)_.._....;G.D,HK.0..&L.gg.3....H,.9.L...d.d.8.%.\|.fY.P.............-.........d....2..A../../ZN-..).6[.h);.h[..../..>....h...{..yI.HD.VV.....>.RV....:\|..{..<K.y.k...r.Y..........+.p.L.......UZ_.a..O..B...t...4..B.@"..2......*..~.k.hu..=..(....k.....I..@...B......=.i.QF....a.2.....1e2;2....d.........t.....0....8.W..\|A.... .,.\.......`.(.%`.....^P..@.8...Ip.\.W.5p...C`.<...5.. ..Q!...iC...d.. w....".x(.J....Z...J.r....5@.C'.s.e.....C....;..)0...a+..{..p4..N...K.Bx3\...G.V..\|.......). d... ...a#aH......H1R.."MH..\G....-...a....+&.3...,..b.1.0....u.0f...K.j`...@l.6...-.Vb.-....Q.k......p..x\.n......;.....x.......s..\|.~'....~.?..C .....?B.AH

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3
Category:	dropped
Size (bytes):	1933
Entropy (8bit):	7.679388477891866
Encrypted:	false
SSDEEP:
MD5:	7394DA0F7C1EAF846C10D1FDD077AD8C
SHA1:	B792BF129CE2801B9928D2F660CE8D0277E55CED
SHA-256:	957FA9D8E22009502C40C12D830E48A28DE8CFDCEC5926BFB27830EF3B460611
SHA-512:	7F4007C3BE12A595FA29AE2A6F291B15B6E7784EA4CBAE61369BC5F227E888938B1E0903549DDE4EB03274EDBD3B6F6FDD159E3BECD13E4BCE7F811A06D12AD5
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II.................Ducky.......<......Adobe.d.................................................................................................................................................2.2....................................................................................!..12.A"34Qaq..Rb.Sc.5..TU.6...Br.#$D.7......................!1Q..A.aq."2...R..............?.\|.:.}....4.v...(.&.BK.svR..&.C.....E..S...~..{9.Sj..:.T...P..r...`.qy....,.[?R5.eS\..0...9.1J...$g..oC...M.W.D..he'%n."....m.C}w..._^O/...".y&C".....\mU.Rh.w[..{+..KuVf...Dc...p6.j..J......V.+.o/..y>...j5..z.y.]..V=..T#0......c.6..!(.....[....C#6....S.kv....u.g.o..H....>......%.G.y.;..7..q.g.d..@..G<..=..#O..\|....x.%x#u.u.[..F%.5.&..A.d...\c...8..U...]F..I-^JS......U....7.[..K...9~N..@......[.w........4....a.T....).$}..;.;.....k.[I..v....P\|...N...A.]7/..{mE1.v...KY..*.....@.N4.On)>`.Qu28.q...N..l..;...;.j<.=R...q .o...fv..~.w..m.....v-..x[M.I5...\.5QZ..gf5..<x_..x.l...Cv......

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	dropped
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	unknown
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	226
Entropy (8bit):	5.309857612691587
Encrypted:	false
SSDEEP:
MD5:	98985F7E2D71A154BDE98DDFD52A9DEE
SHA1:	5E745429DE8BD12522F65376F7B938A63A1161B6
SHA-256:	310181BE069D764BC34EC4628C37B8DEA12AEF582FD506E310BF1004C8B35AA0
SHA-512:	FD1D1EF4E8CA022B0A02BAD1ED7D0243A90B5DF2CAA89B5BED0AA14BE628CE6637EAFF5FB7F13416F344202142DB4AF4B17F786D72607C1D7326C96CCFEBED94
Malicious:	false
Reputation:	unknown
URL:	https://vhgcfj.blob.core.windows.net/favicon.ico
Preview:	.<?xml version="1.0" encoding="utf-8"?><Error><Code>OutOfRangeInput</Code><Message>One of the request inputs is out of range..RequestId:f79a3ba5-801e-00fc-6fa2-566c08000000.Time:2024-12-25T07:52:58.0723174Z</Message></Error>

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9738), with no line terminators
Category:	downloaded
Size (bytes):	9738
Entropy (8bit):	4.728754788881187
Encrypted:	false
SSDEEP:
MD5:	D4A8D59A54C0D3312FCB6E9C5CE7A8B7
SHA1:	2165D6F0F7A6A14AA84D2B525C6726ED6BC6A54A
SHA-256:	A1B5924D7D4BCFA97503BB44731598A1FE30947DA940E0BEF8273F2C199C61AC
SHA-512:	0F8120CF37F4953D9068FB1B39ECD8336460B415D9FA741640462E8BEC5192977BB88BB26B33D4A6A0A9707216A66F2E126143A452636DBAFC93A03B258B0F2D
Malicious:	false
Reputation:	unknown
URL:	https://pushlite.pushbroker.com/javascripts/service_worker.js?v1
Preview:	var _$_5575=["\x69\x6E\x73\x74\x61\x6C\x6C","\x5B\x50\x55\x53\x48\x4E\x4F\x54\x49\x46\x49\x43\x41\x54\x49\x4F\x4E\x53\x5D\x20\x49\x6E\x73\x74\x61\x6C\x6C\x69\x6E\x67\x20\x73\x65\x72\x76\x69\x63\x65\x20\x77\x6F\x72\x6B\x65\x72","\x6C\x6F\x67","\x73\x6B\x69\x70\x57\x61\x69\x74\x69\x6E\x67","\x77\x61\x69\x74\x55\x6E\x74\x69\x6C","\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72","\x61\x63\x74\x69\x76\x61\x74\x65","\x5B\x50\x55\x53\x48\x4E\x4F\x54\x49\x46\x49\x43\x41\x54\x49\x4F\x4E\x53\x5D\x20\x41\x63\x74\x69\x76\x61\x74\x69\x6E\x67\x20\x73\x65\x72\x76\x69\x63\x65\x20\x77\x6F\x72\x6B\x65\x72","\x63\x6C\x61\x69\x6D","\x63\x6C\x69\x65\x6E\x74\x73","\x6D\x65\x73\x73\x61\x67\x65","\x5B\x50\x55\x53\x48\x4E\x4F\x54\x49\x46\x49\x43\x41\x54\x49\x4F\x4E\x53\x5D\x20\x48\x61\x6E\x64\x6C\x69\x6E\x67\x20\x6D\x65\x73\x73\x61\x67\x65\x20\x65\x76\x65\x6E\x74\x3A","\x70\x75\x73\x68","\x5B\x50\x55\x53\x48\x4E\x4F\x54\x49\x46\x49\x43\x41\x54\x49\x4F\x4E\x53\x5D\x20\x52\x65\x63\x65\x69\x76\x6

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	752
Entropy (8bit):	5.244305016184475
Encrypted:	false
SSDEEP:
MD5:	92CD15FA467DF4C22035473647EC4593
SHA1:	A12D7901141079025AE5428F0D28D364C100CC93
SHA-256:	AB94AD26643A657271747BF95C25321067C6F1F4BFD692FEA09F3E9BE2FFBA9A
SHA-512:	68DB130A6E36687754C11863EACD96F5426909A08C4AE48038C3A0C0EEBA56DD4132B12A0507A523F323D0BDD372342809A544102237664D930B27DEF43C7ABB
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/utils/banners/banner-bf.js?v=1.04
Preview:	var css = 'img.banner { \...position: fixed; \...top: 0; \...width: 150px;\...z-index: 999999999999;\..}\..\n\..@media all and (max-width: 500px) {\...img.banner {\....width: 100px;\...}\..}\..',..head = document.head \|\| document.getElementsByTagName('head')[0],..style = document.createElement('style');....style.type = 'text/css';..if (style.styleSheet){.. // This is required for IE8 and below... style.styleSheet.cssText = css;..} else {.. style.appendChild(document.createTextNode(css));..}..head.appendChild(style);....var img = document.createElement('img');..img.src = "/utils/banners/images/2024-months/2024-12.png?v=1";..img.className = 'banner';..img.onclick = function () { this.style.display = 'none'; }..document.body.appendChild(img);

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	0E920111498FD92C3FBD7F00C428D762
SHA1:	5082EB504DD47582063312CDBE3AB7187FBF3960
SHA-256:	3E45F5E239FF94FE839057AF3EFC8AE568C5C32DBF2D3D0CF1C347E26DFC10AF
SHA-512:	61FF4D176BDAD99FD25255DA2ED84532035592D8BEA79EACB3F76A7C039C3AEC9D5FFB593C5F584E1E54A2FD9A7CD885DFE721A829CF8CFC113C0FB5935AC357
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlJ2ii6Bw8VExIFDf-qZLM=?alt=proto
Preview:	CgkKBw3/qmSzGgA=

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32003)
Category:	dropped
Size (bytes):	36868
Entropy (8bit):	5.176279342143451
Encrypted:	false
SSDEEP:
MD5:	C5B5B2FA19BD66FF23211D9F844E0131
SHA1:	791AA054A026BDDC0DE92BAD6CF7A1C6E73713D5
SHA-256:	2979F9A6E32FC42C3E7406339EE9FE76B31D1B52059776A02B4A7FA6A4FD280A
SHA-512:	D9EF2AAB411371F5912381C9073422037528C8593AB5B3721BEA926880592F25BD5DFDEC5991CDFE5C5EF5F4E1D54E390E93DFD3BCA3F782AC5071D67B8624D4
Malicious:	false
Reputation:	unknown
Preview:	/!. Bootstrap v3.3.6 (http://getbootstrap.com). * Copyright 2011-2015 Twitter, Inc.. * Licensed under the MIT license. */.if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9\|\|1==b[0]&&9==b[1]&&b[2]<1\|\|b[0]>2)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 3")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c\|\|a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3
Category:	downloaded
Size (bytes):	1250
Entropy (8bit):	7.500751858824105
Encrypted:	false
SSDEEP:
MD5:	1591D52A640D7AA975BDD1293FC54B6F
SHA1:	91A7738FE43EE74E87BF615559B2D003D994370A
SHA-256:	856A3E25E403C4F577C63B78A2EE734DEEDEB7B77FDB25A600B2A5DDED64F722
SHA-512:	2FACE59C62E78E80DDCEC361F51C9DA9C5BCC6E1DB78141A5E029DBB511DA1C7EC889CEA59E0A85EFF8FF143EAA359E5FE5B6BAE1F1F4BA75B55A7F700D8E840
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/people/5.jpg
Preview:	......Exif..II.................Ducky..............Adobe.d...............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@......2.2..".................................................................................1.!.2AQ.q."BR3...a...b#...rT5.CS.4.....................!A1a.Qq.r.3C............?.e..BA..<.d..[.+....;4..9p....Q+.R9..O....l./..ep.X...^<.YZ&>......h.q.M..(.E.6.l.(.%..M..v..k>.2PA(.D.cYWP....T.l..7...[....T.....4....?..._.iN...7.a..cH....1.y}bxwR.M..iP......@.e......s.....g..U]~..}.s...G3....H:FW..\..%o..{C.....J)w....m...=>.S.%C..b.\..`.M9G..S.li.g.#.1>.P.7ao..H.m..\|o.9.@H.E.W.....b\\.q..pI...?0.0.....2.0....X..$......?u;..o..s..".vcpX..m.R[..6...9#......L.pi6..U..$....4..U.................6&.+.;.2.....-.6.[..].2...Y..)n[..qS..]U.H....m0D"..1..n.....)...oR....(.Gv.$...%...X...M.3...9M.y~..`..QB...........H$.....Y....k.b.F..f8..N..Oe......11."$2L/.7.....\.-...i..

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32047)
Category:	downloaded
Size (bytes):	95931
Entropy (8bit):	5.394232486761965
Encrypted:	false
SSDEEP:
MD5:	5790EAD7AD3BA27397AEDFA3D263B867
SHA1:	8130544C215FE5D1EC081D83461BF4A711E74882
SHA-256:	2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0
SHA-512:	781ACEDC99DE4CE8D53D9B43A158C645EAB1B23DFDFD6B57B3C442B11ACC4A344E0D5B0067D4B78BB173ABBDED75FB91C410F2B5A58F71D438AA6266D048D98A
Malicious:	false
Reputation:	unknown
URL:	https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
Preview:	/! jQuery v1.11.2 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	44765
Entropy (8bit):	7.967683542380281
Encrypted:	false
SSDEEP:
MD5:	D0E75A752BC7F209E80AEE6FB9209EAA
SHA1:	9243A7CAE9384E61D9C1D6C43F204AEDEC436AC5
SHA-256:	A425B42969799B8E79C423442E92B48341835DE998381CBFEB9B350643672DFE
SHA-512:	4FA8C7B7F9ED1D2A8B1649D2A6648B7BCCC01B77BFCD37DAC0DDEBFBCA0FBE06F3538742F32EF891BB464CE70F66A4819C1C64453BB079D6D1ED3F99BAE6DFB4
Malicious:	false
Reputation:	unknown
URL:	https://yuri.emailsalesgalaxy.com/utils/banners/images/2024-months/2024-12.png?v=1
Preview:	.PNG........IHDR...,...,.....y}.u....pHYs................2iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmp:CreateDate="2018-11-22T13:54:48-06:00" xmp:MetadataDate="2024-01-10T16:03:16-03:00" xmp:ModifyDate="2024-01-10T16:03:16-03:00" dc:format="image/png" xmpMM:InstanceID="xmp.iid:066e6bce-1805-4c81-b360-763

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.co/aoHJd5qL2s

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 102

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 119

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 93

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://t.co/aoHJd5qL2s