Edit tour

Windows Analysis Report
https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS52

Overview

General Information

Sample URL:	https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5
Analysis ID:	1676244
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	100%

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,9304700735862092733,2374075605740702115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS525HX4HCL75CHHQZ6GNDZ3UMZ5PTRQZU7QQL7MMVOBEZP4TQWRFMHUSZTXUS6PLN555HKKEUAE6BBAEEKKH3B7HB6QF6UO6AV6AKBMR73V4V7PWT6NXC7VHYDOSAEEUC5XI7VCPYJ7SSXLN6XNAGH2CRQYPLGUHIUUZQRSZQYH7E5QI5TTFAQUBMDVQ2FK46I6X4LZUYPPDZHCZSCTSJNBTHOHYY4PTE2DAK65RVRHUQVVYAITEJFADJAMHOTN5NPXKXQ%3D%3D%3D%3D" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

HTTP traffic detected: POST /pcrbin/letter.exe HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-aliveContent-Length: 208Cache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Origin: https://www2.pcrecruiter.netContent-Type: application/x-www-form-urlencodedUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: staff%20financial.npsg=1

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 68.171.3.30:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.171.3.30:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.171.3.30:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.171.3.30:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.171.3.30:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.171.3.30:443 -> 192.168.2.16:49725 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@18/9@8/22

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,9304700735862092733,2374075605740702115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS525HX4HCL75CHHQZ6GNDZ3UMZ5PTRQZU7QQL7MMVOBEZP4TQWRFMHUSZTXUS6PLN555HKKEUAE6BBAEEKKH3B7HB6QF6UO6AV6AKBMR73V4V7PWT6NXC7VHYDOSAEEUC5XI7VCPYJ7SSXLN6XNAGH2CRQYPLGUHIUUZQRSZQYH7E5QI5TTFAQUBMDVQ2FK46I6X4LZUYPPDZHCZSCTSJNBTHOHYY4PTE2DAK65RVRHUQVVYAITEJFADJAMHOTN5NPXKXQ%3D%3D%3D%3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,9304700735862092733,2374075605740702115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Extra Window Memory Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS525HX4HCL75CHHQZ6GNDZ3UMZ5PTRQZU7QQL7MMVOBEZP4TQWRFMHUSZTXUS6PLN555HKKEUAE6BBAEEKKH3B7HB6QF6UO6AV6AKBMR73V4V7PWT6NXC7VHYDOSAEEUC5XI7VCPYJ7SSXLN6XNAGH2CRQYPLGUHIUUZQRSZQYH7E5QI5TTFAQUBMDVQ2FK46I6X4LZUYPPDZHCZSCTSJNBTHOHYY4PTE2DAK65RVRHUQVVYAITEJFADJAMHOTN5NPXKXQ%3D%3D%3D%3D	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://www2.pcrecruiter.net/rest/uiapi/css/fonticons/default?ver=202504221429580	0%	Avira URL Cloud	safe
https://www.pcrecruiter.net/PCR.ico	0%	Avira URL Cloud	safe
https://www2.pcrecruiter.net/pcrimg/inc/helperendext.js?ver=202504221429580	0%	Avira URL Cloud	safe
https://www2.pcrecruiter.net/pcrimg/inc/web2.css?ver=202504221429580	0%	Avira URL Cloud	safe
https://www2.pcrecruiter.net/pcrimg/inc/helper.js?ver=202504221429580	0%	Avira URL Cloud	safe
https://www2.pcrecruiter.net/pcrimg/inc/dropdowns.js?ver=202504221429580	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www2.pcrecruiter.net	68.171.3.30	true	false	unknown
www.pcrecruiter.net	68.171.3.30	true	false	unknown
www.google.com	142.250.69.4	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.pcrecruiter.net/PCR.ico	false	Avira URL Cloud: safe	unknown
https://www2.pcrecruiter.net/rest/uiapi/css/fonticons/default?ver=202504221429580	false	Avira URL Cloud: safe	unknown
https://www2.pcrecruiter.net/pcrimg/inc/helper.js?ver=202504221429580	false	Avira URL Cloud: safe	unknown
https://www2.pcrecruiter.net/pcrimg/inc/dropdowns.js?ver=202504221429580	false	Avira URL Cloud: safe	unknown
https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS525HX4HCL75CHHQZ6GNDZ3UMZ5PTRQZU7QQL7MMVOBEZP4TQWRFMHUSZTXUS6PLN555HKKEUAE6BBAEEKKH3B7HB6QF6UO6AV6AKBMR73V4V7PWT6NXC7VHYDOSAEEUC5XI7VCPYJ7SSXLN6XNAGH2CRQYPLGUHIUUZQRSZQYH7E5QI5TTFAQUBMDVQ2FK46I6X4LZUYPPDZHCZSCTSJNBTHOHYY4PTE2DAK65RVRHUQVVYAITEJFADJAMHOTN5NPXKXQ%3D%3D%3D%3D	false		unknown
https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3D	false		unknown
https://www2.pcrecruiter.net/pcrimg/inc/web2.css?ver=202504221429580	false	Avira URL Cloud: safe	unknown
https://www2.pcrecruiter.net/pcrbin/letter.exe	false		unknown
https://www2.pcrecruiter.net/pcrimg/inc/helperendext.js?ver=202504221429580	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States	15169	GOOGLEUS	false
142.250.68.234	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
192.178.49.174	unknown	United States	15169	GOOGLEUS	false
142.250.141.84	unknown	United States	15169	GOOGLEUS	false
142.250.68.227	unknown	United States	15169	GOOGLEUS	false
68.171.3.30	www2.pcrecruiter.net	United States	26722	MAIN-SEQUENCE-TECHNOLOGIESUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1676244
Start date and time:	2025-04-28 14:16:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS525HX4HCL75CHHQZ6GNDZ3UMZ5PTRQZU7QQL7MMVOBEZP4TQWRFMHUSZTXUS6PLN555HKKEUAE6BBAEEKKH3B7HB6QF6UO6AV6AKBMR73V4V7PWT6NXC7VHYDOSAEEUC5XI7VCPYJ7SSXLN6XNAGH2CRQYPLGUHIUUZQRSZQYH7E5QI5TTFAQUBMDVQ2FK46I6X4LZUYPPDZHCZSCTSJNBTHOHYY4PTE2DAK65RVRHUQVVYAITEJFADJAMHOTN5NPXKXQ%3D%3D%3D%3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/9@8/22

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.49.174, 142.250.68.227, 142.250.141.84
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www2.pcrecruiter.net/rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS525HX4HCL75CHHQZ6GNDZ3UMZ5PTRQZU7QQL7MMVOBEZP4TQWRFMHUSZTXUS6PLN555HKKEUAE6BBAEEKKH3B7HB6QF6UO6AV6AKBMR73V4V7PWT6NXC7VHYDOSAEEUC5XI7VCPYJ7SSXLN6XNAGH2CRQYPLGUHIUUZQRSZQYH7E5QI5TTFAQUBMDVQ2FK46I6X4LZUYPPDZHCZSCTSJNBTHOHYY4PTE2DAK65RVRHUQVVYAITEJFADJAMHOTN5NPXKXQ%3D%3D%3D%3D

Created / dropped Files

Chrome Cache Entry: 39

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (352), with CRLF line terminators
Category:	downloaded
Size (bytes):	55801
Entropy (8bit):	5.224680777765472
Encrypted:	false
SSDEEP:
MD5:	7979C5EFF6C67C4987C3A23072E78C6D
SHA1:	2B51ABFC2D0DA06AE503AC6471FCC9DA4E54B171
SHA-256:	CDA8BD1F782A5F50D5693DD07EF8430937604A68EBF6839CAF8C67D249A21DBA
SHA-512:	5423970C3135294A8E5F3B2726BB68DF716DF17B9F181FAF4B667CFD0A2805AA8CB7401AA8A75A4008AA75D57C3825D4DA91F1323572DB5C8DDE390C4DB0FF3C
Malicious:	false
Reputation:	unknown
URL:	https://www2.pcrecruiter.net/pcrimg/inc/helper.js?ver=202504221429580
Preview:	//helper functions....//returns an element's object (by id)..function g(id)..{...if(typeof id=='object' \|\| typeof id=='function') return(id);...return(document.getElementById(id));..}....//returns multiple element array (by name)..function gg(id)..{...if(typeof id=='object' \|\| typeof id=='function') return(id);...return(document.getElementsByName(id));..}....//returns an element's .style object..function s(id)..{...return(g(id).style);..}....//returns an element's .value..function v(id)..{...return(g(id).value);..}....//get/set an element's attribute value (leave val empty to get the value)..function a(id,attr,val)..{...var o=g(id).attributes[attr];...if(o)...{....if(val) o.value=val;....else val=o.value;....return(val);...}...return(null);..}....//set browser status line..function pws(val)..{...if(window.status!='Submitting Form'){window.status=val};..}....//sets the location of a frame to an obj (should probably be a <a> tag)..function setloc(frame,obj)..{...try{parent.frames[frame].

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	3A07E5DB1DB81BEFD8FF7B59F5492FF5
SHA1:	BE28333EB52E74B210C81967103DBB54F31CE4A6
SHA-256:	AF9AF4904A0850E2C924AEB10B478DCEFAB5FC2B47D60FDE3D0F7459D1736531
SHA-512:	FF97F7A46BFE0781BBAEDEB552C8FB8DB3E1B62AFC5BE0FD34EE9C8F39D67BA632D93A4AE8F68CA2064F9A932DEF2A65FA7C7BE5682A724EA341E17DDD1A82C8
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCZ0B862WnLKIEgUNeEu4QiEuHQPLHn0ihA==?alt=proto
Preview:	CgkKBw14S7hCGgA=

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	21102
Entropy (8bit):	5.227405591686104
Encrypted:	false
SSDEEP:
MD5:	9ED01E722E2741B56235A6A523295663
SHA1:	32C296367387D5BCE84A415D073AA5F8B50459F9
SHA-256:	8A96D17B2F4CCA9446B86C3EBB52DC58AC6E503F6D9B52793E80B10FE583B15A
SHA-512:	C396C1CBD0253D63F8755DB83ECE5C4A0E6E66ACBDD6E02FBB4A3781A1B14EA7C0B417C1EB89868890EF3EA100023158DA908C7E03A147679753DCCF0AFB23CC
Malicious:	false
Reputation:	unknown
URL:	https://www2.pcrecruiter.net/pcrimg/inc/web2.css?ver=202504221429580
Preview:	form {...margin: 0px...}.....pcrtable./* Font for all tables /..{...font: normal 11px arial, sans-serif;..}...pcrtable TD./ vertical align top for all tables NOTICE: DO NOT MOVE MUST REMAIN ON TOP /..{...VERTICAL-ALIGN: top;..}../ NEW BEG BUTTONS /.....med1over, .med1over IMG./ basic button image, left side /..{...background-image: url(/pcrimg/inc/leftextcap.gif);...background-color: #eaeaea;...font-size: 1px;...width: 2px;...height: 15px;...cursor: pointer;...filter:alpha(opacity=85);...-moz-opacity: 0.85;..}...med2over./ basic button image, repating center section /..{...background-image: url(/pcrimg/inc/centext.gif);...background-color: #eaeaea;...cursor: pointer;...height: 15px;...font-size: 1px;...padding-left: 3px;...padding-right: 3px;...vertical-align: center;...text-align: left;...filter:alpha(opacity=85);...-moz-opacity: 0.85;..}...med3over, .med3over IMG./ basic button image, right side */..{...background-image: url(/pcrimg/inc/rightextcap.gif);...background-color:

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 24 bits/pixel, 32x32, 24 bits/pixel
Category:	downloaded
Size (bytes):	7974
Entropy (8bit):	6.745382153961718
Encrypted:	false
SSDEEP:
MD5:	F2D0C0EC979540D333E991EC26E6F970
SHA1:	F0FA31EBC9C8B2427DF4879F1FD17978960F27F4
SHA-256:	0ACB75409FF7BAE0546051232AAB0C13ABE0EAE8152C51E52EAD8008514A3664
SHA-512:	17F88358A48C6FEB4C5CC8FCEC3A49F164101346177511091FA6F21B015CFBBBE8F1F44BF95D90D2EC91B2E3E88CE428F8D601E1FD7D66B568994C1029F379A4
Malicious:	false
Reputation:	unknown
URL:	https://www.pcrecruiter.net/PCR.ico
Preview:	..............h...6... ..........................F...(....... ...........@........................................J4.G.3....................................J%.J%.K2.G.4F.7F.7........................K$.K$.K%.J%.J3.G.3F.7F.7F.8F.8...............L$.L$.K$.K%.K%.K2.G.4F.7F.7F.8F.8F.8.........y=.^..N&.L$.K%.K%.K2.F.3F.7F.7E.7E.6C./>r!.......H..E.t:.X+.M%.K%.K3.F.3F.7E.7D.2?x$<e.;a........H..H..G..C.l6.S).K3.F.3D.4@.(=h.;b.<b.;a........H..H..H..H..H..B.d@.Dw(=l.<b.;a.;a.<b.;a........I..I..I..I..L..g,..I=?.6M.;_.:`.:`.;a.:`........I..I..J..]$..I..h..c9-.(...5.7S.:_.;`.:`........I..T...?..c..o..p..d9-.'..&..(!.0=.8Y.:`........t6..\..n..p..p..p..d9,.'..&..&..&..*&.3E............p..p..p..p..p..d9,.'..&..%..%..%......................q..p..p..d9-.'..&..%...............................p..p..d9,.'..&........................................a=1......................................................................................(... ...@.................................................................

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (638), with CRLF line terminators
Category:	downloaded
Size (bytes):	44310
Entropy (8bit):	4.7826311925609435
Encrypted:	false
SSDEEP:
MD5:	7BBEE77AC6C983C9C5F7D93C6EAF7DF3
SHA1:	19B2B9CF8A3FF54EC112BF944A4B1BCAA52FEA22
SHA-256:	B9A0EFFFB3977C0E64F6A93864922EEAFFDBE28751979692F26FD904602CEAD4
SHA-512:	3D93AE5DB0697EA2806571B35E158E93434E7AAFFE51FE4CE22C3EFCF02640D2FBAFDC3C34C4B388178C64626511DC431DC9B02DE0D06168D4F7FB7A5A1C3C31
Malicious:	false
Reputation:	unknown
URL:	https://www2.pcrecruiter.net/pcrimg/inc/dropdowns.js?ver=202504221429580
Preview:	var isNewWindow = false;..var dialogReturn = false;....//assure that a <div> element exists in the <body> element to hold a dialog (only creates if it doesn't exist yet)..//sId is the dialog id (i.e. wijmo-dialog5)..function createContainer(sId) {.. var $item = $('#' + sId);.. if ($item.length > 0) $item.remove();.. $item = $('<div pagecontainer="true" id="' + sId + '"></div>');.. $('body').append($item);.. return $item;..}....//retrieve a <div> element for a dialog that was created with createContainer()..function getContainer(sId) {.. return $(sId);..}....//determines if a dialog's parent is a modal dialog (returns false if it is anything else, including a non-modal dialog)..function isParentModalDialog() {.. if (parent.$('.miniframe .minimodal').length > 0) { return true; } else { return false; }..}....//determine if a dialog is a non-modal one or not..//if you don't pass in a name, it will use the current dialog's name..//the top level PCR window is also consid

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	35133
Entropy (8bit):	4.8832279849768465
Encrypted:	false
SSDEEP:
MD5:	0CF252CCB75E7CD97893491A9CEA4456
SHA1:	E2917148DBEB722437BBC6F56FCB3D48184C9B87
SHA-256:	C5E9B64BB0732BD6299777A4E0F43FBA444575A0D2D11966047444B4D1DEF944
SHA-512:	7D141F870A2E66EF88D20768CB1BB5B52FBD8FF42AFC06A3D2BA5E09EC1DFC4F2863A6EBEA84D7A6124DE2B9DC55D14D42BA392C714314D5A973503DB652E2EB
Malicious:	false
Reputation:	unknown
URL:	https://www2.pcrecruiter.net/rest/uiapi/css/fonticons/default?ver=202504221429580
Preview:	@font-face {.. font-family: 'PCRIcons20221024';.. src: url('../../../../pcr/app/myfonts/fonts/PCRIcons20221024.eot?17tk1i');.. src: url('../../../../pcr/app/myfonts/fonts/PCRIcons20221024.eot?17tk1i#iefix') format('embedded-opentype'),.. url('../../../../pcr/app/myfonts/fonts/PCRIcons20221024.ttf?17tk1i') format('truetype'),.. url('../../../../pcr/app/myfonts/fonts/PCRIcons20221024.woff?17tk1i') format('woff'),.. url('../../../../pcr/app/myfonts/fonts/PCRIcons20221024.svg?17tk1i#PCRIcons20221024') format('svg');.. font-weight: normal;.. font-style: normal;.. font-display: block;..}....[class^="icon-"], [class=" icon-"] {.. / use !important to prevent issues with browser extensions that change fonts /.. font-family: 'PCRIcons20221024' !important;.. speak: never;.. font-style: normal;.. font-weight: normal;.. font-variant: normal;.. text-transform: none;.. line-height: 1;.... / Better Font Rendering =========== */.. -webkit-font-smoothing: antialiased;.. -

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	249
Entropy (8bit):	4.984897285264533
Encrypted:	false
SSDEEP:
MD5:	5BB8E5F7DA6527E8035A95AFDB0D2E77
SHA1:	899667BD2F93F634620039A312C88601139835FC
SHA-256:	CE530C27D8C3CF53BE12164D0B46966C83ABBE862B1F497505C8A9AFAFC6FB04
SHA-512:	BF7AB75965C32544B28654EA6CE584C8B35453D9C3F4AEC5BB3BE5F6822DEECF44ADA16FCCF42C5656DAD31E741B35C83A75AB1B99E6EA3A7670180EC8D11A9E
Malicious:	false
Reputation:	unknown
URL:	https://www2.pcrecruiter.net/pcrimg/inc/helperendext.js?ver=202504221429580
Preview:	if(window.top != window && window.parent && document.location.href.indexOf('/pcrbin/reg7') > -1) {.. if(window.parent.document.getElementsByClassName('cgiframe').length == 1){.. document.documentElement.style ="background:#fff;";.. }..}

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3635
Entropy (8bit):	5.504837114376599
Encrypted:	false
SSDEEP:
MD5:	ECFAAD03DF8C93CE92A82CF8169611B4
SHA1:	49CFD0512CC29203074D20622BE8A658ED2B6CDC
SHA-256:	7EE7CEB89AA261212DF5882D08FA19A21F6C7AFEFF11767D072B4F4347052415
SHA-512:	195586EA74003A15ED3090760AAD3B9E8BC2A184B8895775EF6CD5A0BD1307652D2AF74E5D54F8C38420E5C5C721C951FF16FBD79A7925B5E065441BC70B7089
Malicious:	false
Reputation:	unknown
URL:	https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3D
Preview:	<!DOCTYPE HTML>....<html>..<HEAD>..<TITLE>Remove Email Address</TITLE>..<meta http-equiv="X-UA-Compatible" content="IE=edge" />..<meta name="viewport" content="width=device-width, initial-scale=1">..<link rel="icon" href="https://www.pcrecruiter.net/PCR.ico" type="image/x-icon">..<link rel="shortcut icon" href="https://www.pcrecruiter.net/PCR.ico" type="image/x-icon">..<script SRC="/pcrimg/inc/helper.js?ver=202504221429580"></script>....<link rel="stylesheet" href="/pcrimg/inc/web2.css?ver=202504221429580">.. [if IE 6]>..<link rel="stylesheet" href="/pcrimg/inc/web2-ie6.css?ver=202504221429580" media="screen" type="text/css">..<![endif]-->.. [if IE 7]>..<link rel="stylesheet" href="/pcrimg/inc/web2-ie7.css?ver=202504221429580" media="screen" type="text/css">..<![endif]-->.. [if IE 8]>..<link rel="stylesheet" href="/pcrimg/inc/web2-ie8.css?ver=202504221429580" media="screen" type="text/css">..<![endif]-->..<script src="/pcrimg/inc/dropdowns.js?ver=202504221429580"></script>..<l

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3066
Entropy (8bit):	5.523083720528307
Encrypted:	false
SSDEEP:
MD5:	C5AE97F5699E8BB66799AD6CDB44613E
SHA1:	97D887E03C01F44317C3801EECC919DBD6A7E93D
SHA-256:	AFAACBDF131DEE8C4A46F619FF550F7037D4938D3AF3D34F8A9E2E1D954FCE3B
SHA-512:	BDA3850AE2AE038E8A5873D28BF0448FD2B7A4ADD6C000C67A56F104639286CB6C371293771E213E4130AB9925C86009494B963A312983CB7D670254B78835D2
Malicious:	false
Reputation:	unknown
URL:	https://www2.pcrecruiter.net/pcrbin/letter.exe
Preview:	<!DOCTYPE HTML>....<html>..<HEAD>..<TITLE>Remove Email Address</TITLE>..<meta http-equiv="X-UA-Compatible" content="IE=edge" />..<meta name="viewport" content="width=device-width, initial-scale=1">..<link rel="icon" href="https://www.pcrecruiter.net/PCR.ico" type="image/x-icon">..<link rel="shortcut icon" href="https://www.pcrecruiter.net/PCR.ico" type="image/x-icon">..<script SRC="/pcrimg/inc/helper.js?ver=202504221429580"></script>....<link rel="stylesheet" href="/pcrimg/inc/web2.css?ver=202504221429580">.. [if IE 6]>..<link rel="stylesheet" href="/pcrimg/inc/web2-ie6.css?ver=202504221429580" media="screen" type="text/css">..<![endif]-->.. [if IE 7]>..<link rel="stylesheet" href="/pcrimg/inc/web2-ie7.css?ver=202504221429580" media="screen" type="text/css">..<![endif]-->.. [if IE 8]>..<link rel="stylesheet" href="/pcrimg/inc/web2-ie8.css?ver=202504221429580" media="screen" type="text/css">..<![endif]-->..<script src="/pcrimg/inc/dropdowns.js?ver=202504221429580"></script>..<l

Static File Info

⊘No static file info

Source: global traffic	HTTP traffic detected: GET /rest/uiapi/campaigns/redirect?pcrCKey=PRXHA43HFYUIVUTVMVEZHECXITCQ2XUZOJP4XQX25XXHVJBMSE4MOSI3T6RNRM3NCRLTUY3FZYKKMP3I5Q2ASX3NCDE53IRTHOLE4VFHVBQRAEYBMK565X5YAALRCXJUMJ3B5TACOBUY62V2X3OCWETLOMBV56SNMR263X6XFNJ664YRX4MPUMPPOWQ3PCTAMMEWUIF7MYRZ4OPVVQUR3JXXDAP2MOTYVZZDGKS525HX4HCL75CHHQZ6GNDZ3UMZ5PTRQZU7QQL7MMVOBEZP4TQWRFMHUSZTXUS6PLN555HKKEUAE6BBAEEKKH3B7HB6QF6UO6AV6AKBMR73V4V7PWT6NXC7VHYDOSAEEUC5XI7VCPYJ7SSXLN6XNAGH2CRQYPLGUHIUUZQRSZQYH7E5QI5TTFAQUBMDVQ2FK46I6X4LZUYPPDZHCZSCTSJNBTHOHYY4PTE2DAK65RVRHUQVVYAITEJFADJAMHOTN5NPXKXQ%3D%3D%3D%3D HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3D HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pcrimg/inc/web2.css?ver=202504221429580 HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: staff%20financial.npsg=1
Source: global traffic	HTTP traffic detected: GET /rest/uiapi/css/fonticons/default?ver=202504221429580 HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: staff%20financial.npsg=1
Source: global traffic	HTTP traffic detected: GET /pcrimg/inc/helper.js?ver=202504221429580 HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: staff%20financial.npsg=1
Source: global traffic	HTTP traffic detected: GET /pcrimg/inc/dropdowns.js?ver=202504221429580 HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: staff%20financial.npsg=1
Source: global traffic	HTTP traffic detected: GET /pcrimg/inc/helperendext.js?ver=202504221429580 HTTP/1.1Host: www2.pcrecruiter.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www2.pcrecruiter.net/pcrbin/letter.aspx?i1=&i2=REMOVAL&i3=lbailey%40pike.com&caid=134586340221653&bulkcategory=512&pcr-id=fG5wc2cuP2KgoyT35oVRHGSSKAi3VISTrGeAXAMvHu18FKuTzIB7nXt5rc81zNQ5zSkn%2BFA%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: staff%20financial.npsg=1
Source: global traffic	HTTP traffic detected: GET /PCR.ico HTTP/1.1Host: www.pcrecruiter.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www2.pcrecruiter.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /PCR.ico HTTP/1.1Host: www.pcrecruiter.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www2.pcrecruiter.net
Source: global traffic	DNS traffic detected: DNS query: www.pcrecruiter.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Static File Info