Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
https://we.tl/t-J9PcqXV8XE

Overview

General Information

Sample URL:https://we.tl/t-J9PcqXV8XE
Analysis ID:1648041
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Downloads suspicious files via Chrome
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2156 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 4088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=6008 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://we.tl/t-J9PcqXV8XE" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • System Summary

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedJoe Sandbox AI: Score: 7 Reasons: The URL 'wetransfer.com' is a legitimate and well-known domain associated with the file transfer service WeTransfer., The subdomain 'citationcanada' does not match the brand 'Google' and appears to be a custom subdomain, which is common for services like WeTransfer., The brand 'Google' is not associated with the domain 'wetransfer.com', indicating a potential mismatch., The presence of a subdomain does not inherently indicate phishing, but the mismatch between the brand and domain is suspicious., The input field for 'Email address' is common for legitimate services but can also be used in phishing attempts. DOM: 3.26.pages.csv
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedJoe Sandbox AI: Score: 7 Reasons: The brand 'WeTransfer' is a known file transfer service., The URL 'citationcanada.wetransfer.com' uses a subdomain of 'wetransfer.com', which is the legitimate domain for WeTransfer., The presence of input fields for card information is unusual for WeTransfer, which typically does not require such information for its primary service., The subdomain 'citationcanada' is not typically associated with WeTransfer's services and could be used to mislead users., The use of a legitimate domain with a suspicious subdomain is a common tactic in phishing attempts. DOM: 3.34.pages.csv
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: Number of links: 0
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: Base64 decoded: auth0|67648b2a5bbb24d5f6345252
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: Title: Secure payment input frame does not match URL
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: Iframe src: https://tagging.wetransfer.com/ns.html?id=GTM-NS54WBW
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: Iframe src: https://insight.adsrvr.org/track/up?adv=81c3jgn&ref=https%3A%2F%2Fcitationcanada.wetransfer.com%2Fcheckout%3Ftier%3Dultimate%26billing%3Dmonthly%26redirect%3Dtransfer%26lsid%3D2cc80a21-5f6c-497a-a888-e2d575bf6ef7%26t_exp%3D1743097706%26t_lsid%3D12ca2034-7cbb-4ac5-955e-0f7cc123da61%26t_network%3Dlink%26t_s%3Ddownload_link%26t_ts%3D1742838506%26t_rid%3DYXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy%26paywall%3Dpricing_page%26trigger%3Ddownload_page_opened&upid=re36kbe&upv=1.1.0&paapi=1
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: Iframe src: https://apps.rokt.com/wsdk/controller/index.2.5657.0.html
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: Iframe src: https://apps.rokt.com/wsdk/plugins/dcui/index.html
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/downloads/d46d3e193e4b493c263d86f386640d0120250324174826/b5a87d?t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&t_s=download_link&t_ts=1742838506HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/HTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/pricing?trk=WT202005_signupHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No favicon
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No <meta name="author".. found
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No <meta name="copyright".. found
Source: https://citationcanada.wetransfer.com/checkout?tier=ultimate&billing=monthly&redirect=transfer&lsid=2cc80a21-5f6c-497a-a888-e2d575bf6ef7&t_exp=1743097706&t_lsid=12ca2034-7cbb-4ac5-955e-0f7cc123da61&t_network=link&t_s=download_link&t_ts=1742838506&t_rid=YXV0aDB8Njc2NDhiMmE1YmJiMjRkNWY2MzQ1MjUy&paywall=pricing_page&trigger=download_page_openedHTTP Parser: No <meta name="copyright".. found

System Summary

barindex
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile dump: C:\Users\user\Downloads\AODA Customer Service Standards Training (Comprehensive Content) 1_2 C_I.zip (copy)Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir6380_746250361Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir6380_746250361Jump to behavior
Source: classification engineClassification label: mal52.phis.win@48/2@0/96
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\ac9c96bf-49f5-4d16-ac05-c1fe43aa17da.tmpJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2156 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://we.tl/t-J9PcqXV8XE"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=6008 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2156 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=6008 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Drive-by Compromise		Windows Management InstrumentationPath Interception1
Process Injection		11
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1648041 URL: https://we.tl/t-J9PcqXV8XE Startdate: 25/03/2025 Architecture: WINDOWS Score: 52 33 AI detected phishing page 2->33 35 Downloads suspicious files via Chrome 2->35 6 chrome.exe 14 2->6         started        10 chrome.exe 2->10         started        process3 dnsIp4 21 192.168.2.14 unknown unknown 6->21 23 192.168.2.15 unknown unknown 6->23 25 5 other IPs or domains 6->25 19 AODA Customer Serv... 1_2 C_I.zip (copy), Zip 6->19 dropped 12 chrome.exe 6->12         started        15 chrome.exe 6->15         started        17 chrome.exe 6->17         started        file5 process6 dnsIp7 27 98.82.154.76 TWC-11351-NORTHEASTUS United States 12->27 29 98.82.157.137 TWC-11351-NORTHEASTUS United States 12->29 31 87 other IPs or domains 12->31

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://we.tl/t-J9PcqXV8XE0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

NameMaliciousAntivirus DetectionReputation
https://citationcanada.wetransfer.com/false
    		unknown
    https://citationcanada.wetransfer.com/pricing?trk=WT202005_signupfalse
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      52.85.61.36
      		unknownUnited States
      		16509AMAZON-02USfalse
      151.101.0.84
      		unknownUnited States
      		54113FASTLYUSfalse
      104.18.187.31
      		unknownUnited States
      		13335CLOUDFLARENETUSfalse
      151.101.0.176
      		unknownUnited States
      		54113FASTLYUSfalse
      34.247.143.102
      		unknownUnited States
      		16509AMAZON-02USfalse
      13.226.94.5
      		unknownUnited States
      		16509AMAZON-02USfalse
      3.168.73.45
      		unknownUnited States
      		16509AMAZON-02USfalse
      108.139.47.48
      		unknownUnited States
      		16509AMAZON-02USfalse
      157.240.241.35
      		unknownUnited States
      		32934FACEBOOKUSfalse
      18.238.49.31
      		unknownUnited States
      		16509AMAZON-02USfalse
      151.101.128.84
      		unknownUnited States
      		54113FASTLYUSfalse
      34.204.109.15
      		unknownUnited States
      		14618AMAZON-AESUSfalse
      108.138.112.90
      		unknownUnited States
      		16509AMAZON-02USfalse
      98.82.157.137
      		unknownUnited States
      		11351TWC-11351-NORTHEASTUSfalse
      52.212.235.241
      		unknownUnited States
      		16509AMAZON-02USfalse
      8.28.7.83
      		unknownUnited States
      		62713AS-PUBMATICUSfalse
      142.250.65.238
      		unknownUnited States
      		15169GOOGLEUSfalse
      142.250.80.3
      		unknownUnited States
      		15169GOOGLEUSfalse
      63.32.252.54
      		unknownUnited States
      		16509AMAZON-02USfalse
      69.173.146.5
      		unknownUnited States
      		26667RUBICONPROJECTUSfalse
      142.251.40.130
      		unknownUnited States
      		15169GOOGLEUSfalse
      104.19.230.21
      		unknownUnited States
      		13335CLOUDFLARENETUSfalse
      108.139.29.62
      		unknownUnited States
      		16509AMAZON-02USfalse
      157.240.241.1
      		unknownUnited States
      		32934FACEBOOKUSfalse
      23.40.179.166
      		unknownUnited States
      		16625AKAMAI-ASUSfalse
      18.238.49.111
      		unknownUnited States
      		16509AMAZON-02USfalse
      1.1.1.1
      		unknownAustralia
      		13335CLOUDFLARENETUSfalse
      108.139.33.128
      		unknownUnited States
      		16509AMAZON-02USfalse
      3.33.220.150
      		unknownUnited States
      		8987AMAZONEXPANSIONGBfalse
      108.138.128.52
      		unknownUnited States
      		16509AMAZON-02USfalse
      142.250.80.38
      		unknownUnited States
      		15169GOOGLEUSfalse
      52.54.252.87
      		unknownUnited States
      		14618AMAZON-AESUSfalse
      50.19.26.15
      		unknownUnited States
      		14618AMAZON-AESUSfalse
      13.35.93.22
      		unknownUnited States
      		16509AMAZON-02USfalse
      54.149.209.136
      		unknownUnited States
      		16509AMAZON-02USfalse
      18.173.132.73
      		unknownUnited States
      		3MIT-GATEWAYSUSfalse
      54.186.23.98
      		unknownUnited States
      		16509AMAZON-02USfalse
      142.250.80.78
      		unknownUnited States
      		15169GOOGLEUSfalse
      151.101.128.176
      		unknownUnited States
      		54113FASTLYUSfalse
      142.251.40.100
      		unknownUnited States
      		15169GOOGLEUSfalse
      31.13.71.7
      		unknownIreland
      		32934FACEBOOKUSfalse
      52.85.61.6
      		unknownUnited States
      		16509AMAZON-02USfalse
      52.92.32.66
      		unknownUnited States
      		16509AMAZON-02USfalse
      108.138.128.109
      		unknownUnited States
      		16509AMAZON-02USfalse
      13.35.93.6
      		unknownUnited States
      		16509AMAZON-02USfalse
      52.223.40.198
      		unknownUnited States
      		8987AMAZONEXPANSIONGBfalse
      68.67.160.132
      		unknownUnited States
      		29990ASN-APPNEXUSfalse
      142.251.41.2
      		unknownUnited States
      		15169GOOGLEUSfalse
      13.226.94.102
      		unknownUnited States
      		16509AMAZON-02USfalse
      142.250.65.202
      		unknownUnited States
      		15169GOOGLEUSfalse
      52.85.61.109
      		unknownUnited States
      		16509AMAZON-02USfalse
      44.242.25.221
      		unknownUnited States
      		16509AMAZON-02USfalse
      151.101.64.84
      		unknownUnited States
      		54113FASTLYUSfalse
      3.5.69.108
      		unknownUnited States
      		14618AMAZON-AESUSfalse
      142.250.80.42
      		unknownUnited States
      		15169GOOGLEUSfalse
      18.173.132.44
      		unknownUnited States
      		3MIT-GATEWAYSUSfalse
      54.187.119.242
      		unknownUnited States
      		16509AMAZON-02USfalse
      150.171.28.10
      		unknownUnited States
      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
      142.251.40.195
      		unknownUnited States
      		15169GOOGLEUSfalse
      35.211.202.130
      		unknownUnited States
      		19527GOOGLE-2USfalse
      142.250.64.70
      		unknownUnited States
      		15169GOOGLEUSfalse
      3.248.168.38
      		unknownUnited States
      		16509AMAZON-02USfalse
      108.138.128.3
      		unknownUnited States
      		16509AMAZON-02USfalse
      98.82.154.76
      		unknownUnited States
      		11351TWC-11351-NORTHEASTUSfalse
      64.233.180.84
      		unknownUnited States
      		15169GOOGLEUSfalse
      57.144.180.1
      		unknownBelgium
      		2686ATGS-MMD-ASUSfalse
      13.35.93.41
      		unknownUnited States
      		16509AMAZON-02USfalse
      142.250.176.196
      		unknownUnited States
      		15169GOOGLEUSfalse
      52.85.61.89
      		unknownUnited States
      		16509AMAZON-02USfalse
      18.173.132.17
      		unknownUnited States
      		3MIT-GATEWAYSUSfalse
      142.250.65.194
      		unknownUnited States
      		15169GOOGLEUSfalse
      13.35.93.103
      		unknownUnited States
      		16509AMAZON-02USfalse
      54.187.159.182
      		unknownUnited States
      		16509AMAZON-02USfalse
      34.49.212.111
      		unknownUnited States
      		2686ATGS-MMD-ASUSfalse
      104.18.26.193
      		unknownUnited States
      		13335CLOUDFLARENETUSfalse
      13.226.94.53
      		unknownUnited States
      		16509AMAZON-02USfalse
      3.168.73.76
      		unknownUnited States
      		16509AMAZON-02USfalse
      142.250.81.227
      		unknownUnited States
      		15169GOOGLEUSfalse
      54.163.195.10
      		unknownUnited States
      		14618AMAZON-AESUSfalse
      150.171.27.10
      		unknownUnited States
      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
      13.226.94.19
      		unknownUnited States
      		16509AMAZON-02USfalse
      142.250.65.228
      		unknownUnited States
      		15169GOOGLEUSfalse
      104.19.229.21
      		unknownUnited States
      		13335CLOUDFLARENETUSfalse
      142.251.40.98
      		unknownUnited States
      		15169GOOGLEUSfalse
      3.171.139.107
      		unknownUnited States
      		16509AMAZON-02USfalse
      142.251.35.168
      		unknownUnited States
      		15169GOOGLEUSfalse
      23.44.136.168
      		unknownUnited States
      		20940AKAMAI-ASN1EUfalse

      Private

      IP
      192.168.2.8
      192.168.2.7
      192.168.2.4
      192.168.2.5
      192.168.2.24
      192.168.2.23
      192.168.2.13
      192.168.2.15
      192.168.2.14

      General Information

      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1648041
      Start date and time:2025-03-25 14:04:47 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 12m 1s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:browseurl.jbs
      Sample URL:https://we.tl/t-J9PcqXV8XE
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:32
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Detection:MAL
      Classification:mal52.phis.win@48/2@0/96
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      • Max analysis timeout: 600s exceeded, the analysis took too long
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, UserOOBEBroker.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, audiodg.exe, sppsvc.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtCreateFile calls found.
      • Report size getting too big, too many NtOpenFile calls found.
      • Report size getting too big, too many NtSetInformationFile calls found.
      • Skipping network analysis since amount of network traffic is too extensive
      • VT rate limit hit for: https://we.tl/t-J9PcqXV8XE

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASNs

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      C:\Users\user\Downloads\AODA Customer Service Standards Training (Comprehensive Content) 1_2 C_I.zip (copy)

      Download File
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):140200342
      Entropy (8bit):7.999460687899636
      Encrypted:true
      SSDEEP:
      MD5:2CE2207EE9E5356B3979C7913D56004E
      SHA1:6B43E75A1AE84238902778FE790FBC9B5416F87D
      SHA-256:709F2E89B727095C6805764871FCDDFF936CC5C6CB6B5275895A87257AE0EDA0
      SHA-512:B8028B61E736F9BC25FD25433B00DC36D3F919B8D48945782F08B1EE8F50491982372CB6D812F626B61CEB6C735499DE0A6B21D9E17E89B1C3B6F5694F75FFB5
      Malicious:true
      Reputation:low
      Preview:PK.........hxZ...F...........story_content/thumbnail.jpg..WX._....BG `."%@......&*..H.*(.I...Mz.P@ .. .E...H......f.d.ff=G...........w.p..............2@.@NF."#%..@....`.j**j..F:0.+.'.+;;7...7...;...........RP.K+I....g. ...5.5..."...#.............y.D.@bz..A....$../..o........)(...h.. ................ .'e..R'c4...z...RK..4...P.....z.SP2........@a.r.p......ut..&h................_?.................leU5...............a<adtfv......o..[.;.......<;...u......b..i..\....HH.I@...$.....$.<Rd... ./F^.0r.FjiS?....?&[.iJf~.7............"....o.%.51......T.%h........P...&T..i..8..2).^.0x..cMu:U.C..\.h.....9l.@...4..M.2a.S.np9O..G[..&B.$.2.\f..ajRZ.......,W..K...m..f`....^......."..}.7.}g\...L..S....3+)..4j..*W&.....=p...2h[.Tr... ..\x.....]....{.[.|._ku...u...../?d......=].n......$....JT....3...M%8....>9......{o.+Nf~Z..B...:.1d.D..b<A....tS.\...G/.@..1.+z..t4.....0.-R./D...}(....es?(.....I.q...z}....*..r..o.p.S...'..g.k.._._..u. .WkQ.N...v/...}.].%....F..-1..|ZJ.3.

      C:\Users\user\Downloads\AODA Customer Service Standards Training (Comprehensive Content) 1_2 C_I.zip.crdownload

      Download File
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):140200342
      Entropy (8bit):7.999460687899636
      Encrypted:true
      SSDEEP:
      MD5:2CE2207EE9E5356B3979C7913D56004E
      SHA1:6B43E75A1AE84238902778FE790FBC9B5416F87D
      SHA-256:709F2E89B727095C6805764871FCDDFF936CC5C6CB6B5275895A87257AE0EDA0
      SHA-512:B8028B61E736F9BC25FD25433B00DC36D3F919B8D48945782F08B1EE8F50491982372CB6D812F626B61CEB6C735499DE0A6B21D9E17E89B1C3B6F5694F75FFB5
      Malicious:false
      Reputation:low
      Preview:PK.........hxZ...F...........story_content/thumbnail.jpg..WX._....BG `."%@......&*..H.*(.I...Mz.P@ .. .E...H......f.d.ff=G...........w.p..............2@.@NF."#%..@....`.j**j..F:0.+.'.+;;7...7...;...........RP.K+I....g. ...5.5..."...#.............y.D.@bz..A....$../..o........)(...h.. ................ .'e..R'c4...z...RK..4...P.....z.SP2........@a.r.p......ut..&h................_?.................leU5...............a<adtfv......o..[.;.......<;...u......b..i..\....HH.I@...$.....$.<Rd... ./F^.0r.FjiS?....?&[.iJf~.7............"....o.%.51......T.%h........P...&T..i..8..2).^.0x..cMu:U.C..\.h.....9l.@...4..M.2a.S.np9O..G[..&B.$.2.\f..ajRZ.......,W..K...m..f`....^......."..}.7.}g\...L..S....3+)..4j..*W&.....=p...2h[.Tr... ..\x.....]....{.[.|._ku...u...../?d......=].n......$....JT....3...M%8....>9......{o.+Nf~Z..B...:.1d.D..b<A....tS.\...G/.@..1.+z..t4.....0.-R./D...}(....es?(.....I.q...z}....*..r..o.p.S...'..g.k.._._..u. .WkQ.N...v/...}.].%....F..-1..|ZJ.3.

      Static File Info

      No static file info

      File Icon

      Icon Hash:00b29a8e86828200

      Network Behavior

      Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

      Statistics

      CPU Usage

      Click to jump to process

      Memory Usage

      0200400s0.0050100150MB

      Click to jump to process

      Behavior

      Click to jump to process

      System Behavior

      General

      Target ID:1
      Start time:09:05:34
      Start date:25/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff6ea470000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false
      Show Windows behavior

      File Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      COM Activities

      Show Windows behavior

      Process Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Memory Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Process Token Activities


      General

      Target ID:4
      Start time:09:05:39
      Start date:25/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2156 /prefetch:3
      Imagebase:0x7ff6ea470000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false
      Show Windows behavior

      File Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Memory Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

      General

      Target ID:9
      Start time:09:05:42
      Start date:25/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:8
      Imagebase:0x7ff6ea470000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false
      Show Windows behavior

      File Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Memory Activities


      General

      Target ID:12
      Start time:09:05:45
      Start date:25/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://we.tl/t-J9PcqXV8XE"
      Imagebase:0x7ff6ea470000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Memory Activities


      General

      Target ID:16
      Start time:09:06:30
      Start date:25/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2120,i,200407010641660730,7757674318590756446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=6008 /prefetch:8
      Imagebase:0x7ff6ea470000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:false
      Has administrator privileges:false
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false
      Show Windows behavior

      File Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Memory Activities


      Disassembly

      No disassembly