Edit tour

Windows Analysis Report
http://157.245.105.88

Overview

General Information

Sample URL:	http://157.245.105.88
Analysis ID:	1525205
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,14847232933631024622,7948767921687840332,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://157.245.105.88" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 03 Oct 2024 19:18:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 62 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e b1 0e c2 30 0c 44 77 24 fe c1 74 8f 02 52 c7 90 05 81 c4 00 0b 5f 90 d6 26 89 94 c6 28 04 41 ff 9e b4 14 09 31 33 b2 d9 77 e7 77 56 2e 77 41 cf 67 ca 91 41 ad b2 cf 81 74 bd ac e1 c8 19 76 7c 8b a8 e4 4b 54 72 8c 94 68 c3 d8 43 63 5b 0e 9c d6 d5 dd f9 4c d5 a0 b7 14 33 25 ad dc ea 9b 50 14 25 27 7b e8 2a a1 69 8b d6 c7 c7 a7 27 07 fa 38 bc 3f 5b 08 01 06 2e 06 d1 47 0b 99 01 fd d5 34 81 e0 70 da 6f c1 44 84 8d 4b dc 11 9c 93 a7 88 a1 07 4a 89 53 b9 b0 04 42 fc 11 bf 46 3c 01 35 ce ae cf 34 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b40Dw$tR_&(A13wwV.wAgAtv|KTrhCc[L3%P%'{*i'8?[.G4poDKJSBF<540

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49719 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/13@6/121

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,14847232933631024622,7948767921687840332,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://157.245.105.88"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,14847232933631024622,7948767921687840332,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Antivirus Detection	Reputation
zeslecp.com	44.229.44.133	true	false		unknown
www.google.com	142.250.185.132	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://157.245.105.88/favicon.ico	false		unknown
http://157.245.105.88/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
157.245.105.88	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
44.229.44.133	zeslecp.com	United States	16509	AMAZON-02US	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
172.217.23.106	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
216.58.212.174	unknown	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525205
Start date and time:	2024-10-03 21:18:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://157.245.105.88
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/13@6/121

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 142.250.185.195, 64.233.184.84, 142.250.186.78, 34.104.35.123, 172.217.23.106, 172.217.16.195
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://157.245.105.88

LLM Input / Output

Input	Output
URL: http://157.245.105.88/ Model: jbxai	{ "brand":["Zeslecp"], "contains_trigger_text":true, "trigger_text":"ZESLECP NEW INSTALLATION", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: http://157.245.105.88/ Model: jbxai

{
"brand":["Zeslecp"],
"contains_trigger_text":true,
"trigger_text":"ZESLECP NEW INSTALLATION",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 18:18:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9855223796255435
Encrypted:	false
SSDEEP:
MD5:	DD1186C46693A69EE684A5318EAD0B35
SHA1:	2917E9BD5E03969D1658E95B53A6C6A271DF618D
SHA-256:	7C55ABE0CC3D76605C4BA857ABD623EB89018B73A8EAF6153C4C7ABB3423557E
SHA-512:	28DB901105EE96E4C53D21C7E3F31A16547B92360EABA7664FB55896784CAFE0F255145CD67DFD7B7D2CF0CC9962E811D84E0827D32A9F46511F90F3BA35B20F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYR.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYZ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYZ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............#......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 18:18:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005946922975961
Encrypted:	false
SSDEEP:
MD5:	34AA4FE1D7B9E53AC062DE807DED4368
SHA1:	4045C243AE8CF81EC8D5FE56B2BFC894E746DBB7
SHA-256:	BE1648AC4693E3FA7D2291394E75C6E1A02B298417DFAD5C0630663056160377
SHA-512:	204DABB4722FDD9B716105E6572180CB6D1058BCC6C1509E8F77B4B8F5DD5A96E3ABB553EC4028A2B4822F88A6613C74D6AA79F6D8C35F3C4B0F0805C3C267C5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....}......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYR.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYZ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYZ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............#......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.009685878515584
Encrypted:	false
SSDEEP:
MD5:	C49D543C41605FBAC27DAF13977E13E5
SHA1:	DF52FFEB74AC9045E48ECA812DDAC91D682E907A
SHA-256:	5FE9978E1223EB2B341D4B7A341D129C4016CE53A5BBFB121640796D139A1E5A
SHA-512:	39D60BDBE92DECD4AD4F9BE6DE3CF4684374A4CD46E14FC9F066B43D6C507470F2E8547C0C01E08817B9198610D7E336DC09DA9EF541C40A932F061D4C7D0EEE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYR.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYZ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYZ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............#......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 18:18:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.002047927085467
Encrypted:	false
SSDEEP:
MD5:	01DA377D7808AB3BAC3613478B691B33
SHA1:	112E1E3C963DD07818756D0CDFFD34C298734C4A
SHA-256:	3DD1472E32AEF143D9D4FDA72A94BA19D7F1249281E4FDC542430AFA34298C47
SHA-512:	C157A7A9E801FDDF63CE37A4CBE45967E3739B56B2187DAD8F6C9A0E26CE43B3925D2B21CADDB19AF710D756FA0FDD466F303513EA8832D676107016D2BBA742
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYR.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYZ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYZ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............#......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 18:18:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9917321073907783
Encrypted:	false
SSDEEP:
MD5:	A0D8AADFE417DC6EB9EABDB72972CF8B
SHA1:	8CBFFA7BA98DFDD64465F7D2D6D5467B1AB60DC6
SHA-256:	BC29C92C1575574AFB37EEBF8ABDFF33C54D83BF20141B5481500EAC5EF059C9
SHA-512:	C1354693D1D48FD87B307C2C6631FE0592F825C2E781EA5E0C626743714B6A19BD1DBA8CBD17878AE386CB95AA5129B0C0FB95113C169D851606BF3FE577428F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYR.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYZ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYZ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............#......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 18:18:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9990853911805746
Encrypted:	false
SSDEEP:
MD5:	23A8E0A4AD53321CE702EF0BC3BA4A8F
SHA1:	9D3F757D741477B64A44A8A27985CC7B3A91312A
SHA-256:	85BB44FA974B7AF27AB524FBF83D78589D9DC1CF56915988A4EE6D80071FA624
SHA-512:	2C4F1B6BCD1633E5480E571CABCD5002DFAD41C36FFC95015C2518279028ECDF692FB478CF75C45316C954BF14B6BF9415388A86B00C1AE6E8F4F76AF0ED466C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICYR.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCYZ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCYZ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY[............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............#......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 564
Category:	downloaded
Size (bytes):	180
Entropy (8bit):	6.7511680267049305
Encrypted:	false
SSDEEP:
MD5:	FDAA771C8E4FDCB45C6FCC856D28F112
SHA1:	23FB21BF8627EAA12D1B3678F475259D5B9375C5
SHA-256:	43E404C14A3169A898971EDA54C068F8902274A73C9CC090B64B77643BAA0F73
SHA-512:	1F5BA46E5148AE63DD6E9F9838D3EDCA257288372EEA810AF953A02BCC11BBB0BF046763EF32CC0E86C5E45BA7487ED51E5D27C271863963D1F5B967F0AE4359
Malicious:	false
Reputation:	unknown
URL:	http://157.245.105.88/favicon.ico
Preview:	.............0.Dw$..t..R......_..&...(.A.....13..w.wV.wA.g.A...t.....v\|...KTr..h..Cc[......L...3%...P.%'{.*.i....'..8.?[......G.....4..p.o.D..K........J.S...B...F<.5..4...

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15596, version 1.0
Category:	downloaded
Size (bytes):	15596
Entropy (8bit):	7.987145054535937
Encrypted:	false
SSDEEP:
MD5:	72BB194F7E275C92ECF5536060952844
SHA1:	A7419D2E8B92CBC5F89C3C03771F45C4F632964C
SHA-256:	E9986C62B19BCE3791C4C103A4AA87C91D22D9E1C9F252F7F802EA26D3405769
SHA-512:	25B14C88C5C810D469868C650A5DCB0B704D40173B3CCF65FA468A656E0751E6CAB122F5B7F088772BFFE54C5BDC9AEFD49341003A5A5BA2A91BD96F62D05CA6
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/fredokaone/v14/k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2
Preview:	wOF2......<...........<..........................@..R....`..D.....\..Q..>..6.$..x. .....}....{.l\-v;.)...#....,{.0..M.H.........G...3...P..Y..W...G..{...xTG'.s/.S.u..e...9...);..g.8.5wx~n...z......X..%0...HIX.(..(.......h...."..F...m....,..o....i:...y....V.n`]..5.-.8."...i_.&.H.3`....h.j./.y..oq.!A.^$....A.H..\....q.t.;..K.y5.4#.C.X].bA,.].X.........,..:y.....V.S........;.....Z6P]`Z....t3j.i...K..K......W....-;.Z( ......c.R.......`....p.H.T....#.@...E.r..O!..?..?...X.v....\|...9;/...8.a'.7a(M.....ryLf..3...}..lh.H,2..rr\|d$...0.......LqK.>.\(h....._..`e....C....P .1A.[....P.J.`...?..n.~...v.4q]...=.H.L..fjN9=...90....cjg...il..#.T.\|L.....G.`....-.;M ..@hu..k....2i....{.B....[(..;..../K...L!nV.l...s........Y...H.z.p.=R.O...\d.V{[.-!..B.....?...,a.Y.v.; ...c..p.#F....]T,*V..I.9C@+.... S.1...u......uK.[.........pJ.zQ^..5..i4X%...z....2E.Q.L...j.!..4...U....3...1.=}s....;S..l.m....R,6..^....=.[...ST.x.U...^..`WU.....!yvY.....'-.o...N.i]

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 4109
Category:	downloaded
Size (bytes):	1560
Entropy (8bit):	7.872171193957303
Encrypted:	false
SSDEEP:
MD5:	66737237C5FA7BFDAB3A0C086B235FCC
SHA1:	E6216E053C0C0E41EA43C4F1A6CB86E14BFBD37E
SHA-256:	9CF98E1C4C8177222BFDED3D657B514DC4C207D37D2409E4F0941F53C185292D
SHA-512:	F1AAC673F6AE11B07B35498F00A766BD21B0686682DE37B6E5B780BA7D52F6646F8B95EAABAC2D4D15F8B89D9D05ADEB3AB341EB738FA48AA1BE34FD9AEFF361
Malicious:	false
Reputation:	unknown
URL:	http://157.245.105.88/
Preview:	...........Wmo.6.....V...E...&.lwE.u....:t[Q..t..P.JRv..}GR.[.......x.{.9...t:.{?.<{...sR..O;c.C8..$..X....J0.$.U..$.M.....0...c.....g.,+j.C@.)...sq>.4..,AK..s..J...`.)&).Y.....&.a..:..&=k.0.a..h.g..[..,...9.#....C.\....<.C.r&.I. ...s=.".Qws.I+..h+J.~..........?.....>..Yr...........G.8><..f.......#..V.R..t%E..WcD.\...]W.A".F.8...v.JH.%.kP.....}.......G..S.Z<4d!.%a.Y....S...X.Q.1.....;...=!...B.:Q.2D.d...[.$....#.i......z.-.@W..8.f...aD...oG{.......s..M.B&..26A....3...`v.L8.W.f...Gd&U..~D...I.K.3...Y.\|.}.G.a....DS.C......3..QIU.....B.L.Sk...KB.W$......X^.......a>.i.k..s.p.Q....Y..[0.B..y.W\....tH...-,a..Y.>_..X.#....aDN.q.2.1\|...4....f.%.j.....L,a.W.u.;....a<t...8.c...b....E....h..I.t.X.....yr..[........Yv.....`q...P.;~..;0t.~..D.&p......~....k.4P.....Id.....-2+f.....i.Chmd..>...js..v.V.xOV..l.o....{M.g4....&.$....~.jh..D.3.h0<$._..?^......n....jc....w/i..D.6..\...Eh....).: +...PV.]/..B....w.._...i]Q.y....%..bm.8}]...p.LW.[.$..sf\&.7.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (5051)
Category:	dropped
Size (bytes):	5915
Entropy (8bit):	6.110167896385669
Encrypted:	false
SSDEEP:
MD5:	9F26E8F561E56CDA6D855C45D737DA76
SHA1:	2FC43A1D94750CEF05EDE81124A7190BF5858EF5
SHA-256:	8D598A4AE8D81D543D5D9494B0C366BEC617F2F0D9DF3B9A1202E2F6F45160CA
SHA-512:	00B9DA8E71994AE292AFBD7332986BF793522945B22F39AD0AD018F3F353AE3BAA30DDEF7657A09669455891A3FF0F6B792D480632B1EC690F17A429D070E7F7
Malicious:	false
Reputation:	unknown
Preview:	<!doctype html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. CSRF Token -->. <meta name="csrf-token" content="QMa2Jy7Bjjmnpc2IJzYHjfL7a6KRzROt7zIKtC2s">. <title>ZesleCP</title>.. Styles -->. <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/3.2.1/css/font-awesome.min.css" rel="stylesheet">. <link href="/css/app.css?id=3a8bb77eddd37f4a336a" rel="stylesheet">.</head>.<style type="text/css">.class1{position:absolute;z-index:10;top:0;right:0;bottom:0;left:0;display:-webkit-box;display:-ms-flexbox;display:flex;text-align:center;background:#f9f9fb;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.class2{position:relative;zoom:1;margin:0 auto}.class41{position:absolute;top:4px;left:4px;width:92px;height:92px;border-radius:50%;background:#0054d1}.class4{position:absolute;top:0;left:0;width:

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48336, version 1.0
Category:	downloaded
Size (bytes):	48336
Entropy (8bit):	7.995815173088384
Encrypted:	true
SSDEEP:
MD5:	BFE7AD4AA54CFF8909B2D7632073CC30
SHA1:	7C2E625BEA4D449CA78CDE09AB59DC6C9CB4726F
SHA-256:	47D477915FA5912616E2DC5DF8C5780F9202671678CF275472BD39F3381C0098
SHA-512:	B083C9E0766F281A39F582404F08B3D3314C7757AC151C4CB00BD3CECEB4FA06B12D08D881A2C6BF80A066ECAD22FECE7CFF41269D2DBD2BFE38D873922A31FF
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2
Preview:	wOF2...................S..........................g...l..P?HVAR...`?STAT.8'2..4....../~.....$..U..,.0..<.6.$..T. ..J.. ...[3mq..c..5.Hu..ev.5.c.L6e....<.>U..#0l..h.........F.m........."...,V...\.i....;zG-....%..Nt.j....l..m.p.`=....%...}^B).I.Q..qt.l..l...i.......9~....P.".tj.._?.P.j...B.r...'...Zh...}......M].+......k].!..E<.{.........."........m...$C.."_i.>.i@.=.#......s...........%...;."...U.....n,...DO.W.n..85.._.Bj9..nN.T.xl.U".Xq^...y.......<.2'.... .`...WCT.W........?{wI.!.B..C..B.$..Zh..0/ b.....P.(X..?..._Pi.4;`y....gi.j.Zu=.8......>...{U..K..X.P.hN......=.....C..,............f.eE.l...e.Y...K.Xf.u.%f...k...+"V.Y"W.bD.........~.[.~QL.z2.......V.Bd..j.D...]...X.5d........){....G~Q.x....{.{.=\.5.h...DB...H]V'.....<...sD....=D(.......^.&M.2....M(iH.8<........p\d.Wo.....@..A....U..M..K...z".%....n...k.T/a..d(..5s1..P..K..i.]l..+.......ZK7H\D.N...].kL.......^.^...K)(r.J.W..L2Y...?..`.......&.%....{?T.:P9.\%..E*....H....`....r....Q.....Rw....T..}....M

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	402
Entropy (8bit):	5.2641340226844955
Encrypted:	false
SSDEEP:
MD5:	64E43ED8305045048B74B1579916B825
SHA1:	FD0275316C885BAA6E2281EE0A716AE0A9D5024C
SHA-256:	CA76180C2133D7D13DE82A1B213BB4D0D1556D2CFD8C5FEA78032F3724EC951F
SHA-512:	57839506CE0194FF0F187BEF628D9EC6824F0089C6C04A0DAB2FCD98C5411AC885B6755F2B9B968F31DBB7218FF84801D105436ABC704DB206B295BA15CE7FE9
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Fredoka+One
Preview:	/* latin */.@font-face {. font-family: 'Fredoka One';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/fredokaone/v14/k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	3340
Entropy (8bit):	5.4356304343171065
Encrypted:	false
SSDEEP:
MD5:	F06C735511D08CA0FB67DF2615B78B48
SHA1:	7E002CE574DFD1E4B43509FB13D6E44093692EE8
SHA-256:	F964F7D6D3B27013577D6E2E4E9564717CD0881A31F7D86189783B76244398C1
SHA-512:	231C791153BAF155B9E9F1D556EBE7D40CC226BDACC883B244BB6B27BCF5AC3C08F829D75177E13EF0D43CACB75B294965F69CDE5BFD51DE90121E508E5D4F0C
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.googleapis.com/css?family=Raleway:400,700"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Raleway';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCAIT5lu.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Raleway';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCkIT5lu.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ vietnamese /.@font-face {. font-family: 'Raleway';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCIIT5lu.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./ latin-ext */.@font-face {. font-family: 'Raleway';. font-style

Static File Info

⊘No static file info

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 157.245.105.88Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 157.245.105.88Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://157.245.105.88/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: zeslecp.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 157.245.105.88

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://157.245.105.88

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Static File Info

Windows Analysis Report
http://157.245.105.88