
Windows Analysis Report
http://microsoft.qualtrics.com

Overview

General Information

Sample URL:http://microsoft.qualtrics.com
Analysis ID:1525379

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1816,i,2146698803548094580,12635587168967963022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 5532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://microsoft.qualtrics.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Source: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/saml2?SAMLRequest=fZJNT%2BMwEIb%2FiuW7EzsNbWI1RQWEFonVVjRw4IIcZ9xaSuzicar9%2BZtNqJY9wNHy%2B%2BGZx%2Bvr331HzhDQeldRkXBKwGnfWneo6HN9zwp6vVmj6ruT3A7x6J7gfQCMZPQ5lNNFRYfgpFdoUTrVA8qo5X7781FmCZen4KPXvqNkiwghjkW33uHQQ9hDOFsNz0%2BPFT3GeEKZplqJ5H1QXQxWY6J9n3b%2BYF16FimiT%2F8WZmkLRg1dZHii5G58jXUqTgNcUiZP0lsdPHoTveusgyltlZmyKBrDiqURLBfKsFKohmXtSrdciLbJV3MLJfc%2BaJimrqhRHQIlD3cVfTOGm3xRAqjySl0tRbMsCtECNI3mZSPUKMOdQrRn%2BGdEHODBYVQuVjTjWc4EZzyveSazQi4WyVIUr5TsPtZ1Y90M4bvdNrMI5Y%2B63rHdr31NycsF5iigMzo5lYdPzL6PVRdQdPMllnX6KXkzn%2F7%2FIps%2F&RelayState=LNS-_210088581e9591ca7166b1e81d10bada
  HTTP Parser: Number of links: 0
  HTTP Parser: Title: Redirecting does not match URL
  HTTP Parser: No favicon
  HTTP Parser: No <meta name="author".. found
  HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/saml2?SAMLRequest=fZJNT%2BMwEIb%2FiuW7EzsNbWI1RQWEFonVVjRw4IIcZ9xaSuzicar9%2BZtNqJY9wNHy%2B%2BGZx%2Bvr331HzhDQeldRkXBKwGnfWneo6HN9zwp6vVmj6ruT3A7x6J7gfQCMZPQ5lNNFRYfgpFdoUTrVA8qo5X7781FmCZen4KPXvqNkiwghjkW33uHQQ9hDOFsNz0%2BPFT3GeEKZplqJ5H1QXQxWY6J9n3b%2BYF16FimiT%2F8WZmkLRg1dZHii5G58jXUqTgNcUiZP0lsdPHoTveusgyltlZmyKBrDiqURLBfKsFKohmXtSrdciLbJV3MLJfc%2BaJimrqhRHQIlD3cVfTOGm3xRAqjySl0tRbMsCtECNI3mZSPUKMOdQrRn%2BGdEHODBYVQuVjTjWc4EZzyveSazQi4WyVIUr5TsPtZ1Y90M4bvdNrMI5Y%2B63rHdr31NycsF5iigMzo5lYdPzL6PVRdQdPMllnX6KXkzn%2F7%2FIps%2F&RelayState=LNS-_210088581e9591ca7166b1e81d10bada&sso_reload=true
  HTTP Parser: Number of links: 0
  HTTP Parser: Title: Sign in to your account does not match URL
  HTTP Parser: <input type="password" .../> found
  HTTP Parser: No <meta name="author".. found
  HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (reported 6 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 (reported 4 times)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 4 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (reported 19 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 (reported 5 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56 (reported 12 times)
Source: global traffic | DNS traffic detected: DNS query: microsoft.qualtrics.com
Source: global traffic | DNS traffic detected: DNS query: microsoft.yul1.qualtrics.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic | DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: unknown | Network traffic detected: HTTP traffic on port 443, outbound (local port -> 443), 35 events on local ports: 49673, 49678, 49712, 49717, 49719, 49720, 49723, 49725, 49726, 49727, 49730, 49731, 49732, 49733, 49734, 49735, 49736, 49737, 49738, 49739, 49740, 49741, 49742, 49744, 49745, 49746, 49747, 49748, 49750, 49752, 49755, 49756, 49757, 49758, 49760
Source: unknown | Network traffic detected: HTTP traffic on port 443, inbound (443 -> local port), 33 events on local ports: 49712, 49717, 49719, 49720, 49723, 49725, 49726, 49727, 49730, 49731, 49732, 49733, 49734, 49735, 49736, 49737, 49738, 49739, 49740, 49741, 49742, 49744, 49745, 49746, 49747, 49748, 49750, 49752, 49755, 49756, 49757, 49758, 49760
Source: classification engine | Classification label: clean1.win@18/6@26/205
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1816,i,2146698803548094580,12635587168967963022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://microsoft.qualtrics.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (reported 14 times)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (techniques per tactic; the number in parentheses is the count of matched signatures for that technique, techniques without a number had no match):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

URLs
Source | Detection | Scanner | Label
http://microsoft.qualtrics.com | 0% | Virustotal |
No Antivirus matches

Domains
Source | Detection | Scanner | Label
microsoft.qualtrics.com | 0% | Virustotal |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0016.t-0009.t-msedge.net | 13.107.246.44 | true | false | | unknown
sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | | unknown
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | unknown
www.google.com | 142.250.184.196 | true | false | | unknown
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | unknown
microsoft.yul1.qualtrics.com | unknown | unknown | false | | unknown
identity.nel.measure.office.net | unknown | unknown | false | | unknown
aadcdn.msftauth.net | unknown | unknown | false | | unknown
login.microsoftonline.com | unknown | unknown | false | | unknown
microsoft.qualtrics.com | unknown | unknown | false | | unknown
aadcdn.msftauthimages.net | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/saml2?SAMLRequest=fZJNT%2BMwEIb%2FiuW7EzsNbWI1RQWEFonVVjRw4IIcZ9xaSuzicar9%2BZtNqJY9wNHy%2B%2BGZx%2Bvr331HzhDQeldRkXBKwGnfWneo6HN9zwp6vVmj6ruT3A7x6J7gfQCMZPQ5lNNFRYfgpFdoUTrVA8qo5X7781FmCZen4KPXvqNkiwghjkW33uHQQ9hDOFsNz0%2BPFT3GeEKZplqJ5H1QXQxWY6J9n3b%2BYF16FimiT%2F8WZmkLRg1dZHii5G58jXUqTgNcUiZP0lsdPHoTveusgyltlZmyKBrDiqURLBfKsFKohmXtSrdciLbJV3MLJfc%2BaJimrqhRHQIlD3cVfTOGm3xRAqjySl0tRbMsCtECNI3mZSPUKMOdQrRn%2BGdEHODBYVQuVjTjWc4EZzyveSazQi4WyVIUr5TsPtZ1Y90M4bvdNrMI5Y%2B63rHdr31NycsF5iigMzo5lYdPzL6PVRdQdPMllnX6KXkzn%2F7%2FIps%2F&RelayState=LNS-_210088581e9591ca7166b1e81d10bada | false | | unknown
https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/saml2?SAMLRequest=fZJNT%2BMwEIb%2FiuW7EzsNbWI1RQWEFonVVjRw4IIcZ9xaSuzicar9%2BZtNqJY9wNHy%2B%2BGZx%2Bvr331HzhDQeldRkXBKwGnfWneo6HN9zwp6vVmj6ruT3A7x6J7gfQCMZPQ5lNNFRYfgpFdoUTrVA8qo5X7781FmCZen4KPXvqNkiwghjkW33uHQQ9hDOFsNz0%2BPFT3GeEKZplqJ5H1QXQxWY6J9n3b%2BYF16FimiT%2F8WZmkLRg1dZHii5G58jXUqTgNcUiZP0lsdPHoTveusgyltlZmyKBrDiqURLBfKsFKohmXtSrdciLbJV3MLJfc%2BaJimrqhRHQIlD3cVfTOGm3xRAqjySl0tRbMsCtECNI3mZSPUKMOdQrRn%2BGdEHODBYVQuVjTjWc4EZzyveSazQi4WyVIUr5TsPtZ1Y90M4bvdNrMI5Y%2B63rHdr31NycsF5iigMzo5lYdPzL6PVRdQdPMllnX6KXkzn%2F7%2FIps%2F&RelayState=LNS-_210088581e9591ca7166b1e81d10bada&sso_reload=true | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.78 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
52.178.17.3 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.246.44 | s-part-0016.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
20.190.159.73 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
74.125.71.84 | unknown | United States | 15169 | GOOGLEUS | false
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.185.170 | unknown | United States | 15169 | GOOGLEUS | false
20.190.160.14 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.19.126.143 | unknown | European Union | 16625 | AKAMAI-ASUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.142 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false
152.199.21.175 | sni1gl.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false
95.101.149.99 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false
40.126.31.69 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.217.16.131 | unknown | United States | 15169 | GOOGLEUS | false

IP: 192.168.2.16
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525379
Start date and time: 2024-10-04 04:27:59 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://microsoft.qualtrics.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@18/6@26/205
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.131, 74.125.71.84, 142.250.185.142, 95.101.149.99, 34.104.35.123, 199.232.210.172
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, e12398.b.akamaiedge.net, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, cloudenhanced.qualtrics.com.edgekey.net, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
• VT rate limit hit for: aadcdn.msftauth.net
• VT rate limit hit for: aadcdn.msftauthimages.net
• VT rate limit hit for: identity.nel.measure.office.net
• VT rate limit hit for: login.microsoftonline.com
• VT rate limit hit for: microsoft.yul1.qualtrics.com
• VT rate limit hit for: s-part-0016.t-0009.t-msedge.net
• VT rate limit hit for: s-part-0017.t-0009.t-msedge.net
• VT rate limit hit for: s-part-0032.t-0009.t-msedge.net
• VT rate limit hit for: sni1gl.wpc.omegacdn.net
• VT rate limit hit for: www.google.com
Input / Output
URL: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/saml2?SAMLRequest=fZJNT%2BMwEIb%2FiuW7EzsNbWI1RQWEFonVVjRw4IIcZ9xaSuzicar9%2BZtNqJY9wNHy%2B%2BGZx%2Bvr331HzhDQeldRkXBKwGnfWneo6HN9zwp6vVmj6ruT3A7x6J7gfQCMZPQ5lNNFRYfgpFdoUTrVA8qo5X7781
Model: jbxai
{
  "brand": ["Microsoft"],
  "contains_trigger_text": true,
  "trigger_text": "Can't access your account?",
  "prominent_button_name": "Next",
  "text_input_field_labels": ["Email", "phone", "or Skype"],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
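The URL the model was shown carries a SAMLRequest parameter, which is how the Qualtrics site handed the visitor to the Microsoft identity provider. The parameter is truncated on this page, so the added example below (not code from Joe Sandbox, Qualtrics or Microsoft) builds its own AuthnRequest in the HTTP-Redirect binding, decodes it the way an analyst would decode a captured one, and extracts the fields that decide where the signed assertion ends up. The tenant ID in the IdP URL is taken from the report; the Issuer, AssertionConsumerServiceURL and RelayState values are constructed and hypothetical.

```python
"""Added example: encode and decode a SAML 2.0 AuthnRequest in the HTTP-Redirect
binding, then summarize where the IdP is told to send the assertion.
Not code from the page, Qualtrics or Microsoft; the request XML is constructed."""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
TENANT = "72f988bf-86f1-41af-91ab-2d7cd011db47"   # tenant id from the report's URL
IDP_SSO_URL = f"https://login.microsoftonline.com/{TENANT}/saml2"

# Constructed SP request; the Issuer and ACS values are hypothetical.
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
  ID="_constructed1" Version="2.0" IssueInstant="2024-10-04T02:28:00Z"
  Destination="{IDP_SSO_URL}"
  AssertionConsumerServiceURL="https://microsoft.qualtrics.com/saml/acs"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://microsoft.qualtrics.com</saml:Issuer>
</samlp:AuthnRequest>""".encode()


def encode_redirect(xml_bytes):
    """SP side: raw DEFLATE (no zlib header), base64, then percent-encode for the query."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15)   # wbits=-15 selects raw DEFLATE
    deflated = co.compress(xml_bytes) + co.flush()
    return quote(base64.b64encode(deflated).decode("ascii"), safe="")


def decode_redirect(saml_request):
    """IdP/analyst side: parse_qs has already percent-decoded the parameter."""
    return zlib.decompress(base64.b64decode(saml_request), -15)


def build_sample_redirect_url():
    """The redirect an SP would send the browser to (constructed)."""
    return (f"{IDP_SSO_URL}?SAMLRequest={encode_redirect(SAMPLE_AUTHN_REQUEST)}"
            f"&RelayState={quote('constructed-relay-state', safe='')}")


def summarize_authn_request(url):
    """Pull out the fields that decide where credentials and assertions end up."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    root = ET.fromstring(decode_redirect(query["SAMLRequest"][0]))
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"unexpected element {root.tag}")
    issuer = root.find(f"{{{SAML}}}Issuer")
    idp_endpoint = f"{parts.scheme}://{parts.netloc}{parts.path}"
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
        # Destination must be the endpoint the request was actually sent to.
        "destination_matches_idp": root.get("Destination") == idp_endpoint,
        # Redirect binding signs via separate SigAlg/Signature params; presence only.
        "signed": "Signature" in query,
        "relay_state": query.get("RelayState", [None])[0],
    }


def host_allowed(url, allowed_suffixes):
    """Exact or dot-suffix match only, so 'qualtrics.com.evil.example' does not pass."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)


if __name__ == "__main__":
    summary = summarize_authn_request(build_sample_redirect_url())
    for key, value in summary.items():
        print(f"{key}: {value}")
    print("ACS host on an expected domain:", host_allowed(summary["acs_url"], ["qualtrics.com"]))
```

Two details matter when applying this to a captured URL. The SP has to percent-encode the base64 (note the `%2B` sequences in the report's URL): `parse_qs` turns a literal `+` into a space, which would corrupt the base64 before decoding. And `signed` only reports whether a `Signature` parameter is present; verifying it requires the SP's metadata certificate and the exact query-string byte order, which this example does not do.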
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 01:28:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2673
Entropy (8bit): 3.9785264174878416
Encrypted: false
SSDEEP:
MD5: 1598595CFF85C2CDCE7744FD7D084497
SHA1: 5BD01410AF90401AFDD42B0ABD869C0585E289C1
SHA-256: 1A004563C363EDD2FB70936424FA469EC18AA1DECFCC9046289DBEF4D84FD972
SHA-512: 303FE8436F6A413CD49379E7CBF50D9C22BFB66952ABAD025374461ED50B245AE2B7F32126C598A014FFB5EC93497E705D95DD2DCCA126B6A109F080AE364E74
Malicious: false
Reputation: unknown
                          Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IDY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 01:28:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 3.9942404727607275
Encrypted: false
SSDEEP:
MD5: CF5060EAC652A9B54AD480093A1FFCE9
SHA1: CB3487E2884613BCCA470A9C8C79871CE4B6D5BE
SHA-256: D225F960B41A744D5501EF62738ECC1DED12B8BDA3C10A14C590A2AB6091C777
SHA-512: 96B5827ED759BF7B043F51660CDC2FC23B2CCDD61C133730481429943ECBCBB2B70DBA48B0AF28C46C2A266436F8ED0A71002A6877ADCFD7563CC9190627A135
Malicious: false
Reputation: unknown
                          Preview:L..................F.@.. ...$+.,....D......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IDY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2689
Entropy (8bit): 4.00277943781889
Encrypted: false
SSDEEP:
MD5: B761FF7AE796B290D120E2A0626C98BC
SHA1: 92A49C5AA040FBE782AD748413CA808567BF2405
SHA-256: FB64DE2F930840A9209982F528F9D0EA11B5BC9FB09C1947D51EDFB232C065BD
SHA-512: 727F2C70381980776E8010719FFAEA084945C359B7C21F054C3C8D95F601C461923CD4D48A74260E9B9D69C92E72DD349584719990B3DA733F7F54D63269A8FC
Malicious: false
Reputation: unknown
                          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IDY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 01:28:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9925460532684323
Encrypted: false
SSDEEP:
MD5: 534AAD2AE03BCAEB1840945A6A633144
SHA1: 0DE6D4B96E4ADD60F61DFA1826B5BEB7DA2A0DF5
SHA-256: 7A20C78235AA6D12CD74AC232686505B96A74862DD80C0EFD4BFB5A2D6B94D51
SHA-512: 77D70914EB5F3F0CB8E1ACC4099B7E3245EA5291BABADF2751FA8EF8ADA7BA570A386B02416E2B4E7FD9B99E9C52352982C7C9FA515601C5A2BD210331CF604F
Malicious: false
Reputation: unknown
                          Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IDY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 01:28:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9802552778480056
Encrypted: false
SSDEEP:
MD5: C32B920AF86A931EA6185ADA1FD49DBF
SHA1: 7BE946450846EE3BCD3E00DD157BE8045D0DD2F8
SHA-256: 1EC5A2C805CEA0EB88E913E402F562D1D6ABA40A26AD0A6DDBAB19E1A92DF352
SHA-512: 20DFED6A1C784524585E6E89BD535C49DCBCCCE44C26D9FCE8CCFE1526D8A9FA4389F441EA8DE0A3ED1CD004D700064F6150CBADFD99BD6CEC8EB6DCC83F9ADE
Malicious: false
Reputation: unknown
                          Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IDY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 01:28:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2679
Entropy (8bit): 3.989279503884707
Encrypted: false
SSDEEP:
MD5: 7183D42EDECFA0CDD4587C9F034FDF4C
SHA1: 3D24C68A617132D6A3836ED1016E86A7BEA1C32A
SHA-256: 6727A0E0E344317F300F9021A0CD61D4D2FAB72F4DD105CFC157628E965266FA
SHA-512: 3812B943A10DD2113DE02D4B48F7F0E6EE36D6B14BE4DD3C9F25FBEC8F0B42412978E38C28D50EB8C0FED7EA15579F5E5D597744540F2104A8FFC422C9DFB268
Malicious: false
Reputation: unknown
                          Preview:L..................F.@.. ...$+.,.....Y......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IDY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
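All six dropped files above are Windows shortcuts whose file-type line reports the same LinkFlags ("Has Relative path", "Has Working directory", "Has command line arguments") and whose preview points at chrome_proxy.exe; the "Stores files to the Windows start menu directory" signature fires on where they land. The page does not carry the raw bytes of those files, so the added example below (not Joe Sandbox code) parses the ShellLinkHeader and StringData of a shortcut it constructs itself, following MS-SHLLINK, and reports the two things an analyst checks first on a shortcut dropped into the Start Menu: the command-line arguments it will append to its target, and whether it is set to start minimized. The sample's argument string and relative path are hypothetical; the timestamp and length reuse values from the report only so the output is recognisable.

```python
"""Added example: parse a Windows .lnk (MS-SHLLINK) header and StringData to triage
a dropped shortcut. Not Joe Sandbox code; the sample shortcut is constructed here."""
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits (MS-SHLLINK 2.1.1); only those this parser needs.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that starts the target minimized

_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME counts 100-ns ticks since 1601-01-01 UTC."""
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    delta = dt - _FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def _read_string_data(buf, off, is_unicode):
    """StringData field: uint16 CountCharacters followed by the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if is_unicode:
        end = off + 2 * count
        return buf[off:end].decode("utf-16-le"), end
    end = off + count
    return buf[off:end].decode("cp1252"), end


def parse_lnk(buf):
    """Return header fields plus whichever StringData strings the flags say are present."""
    if len(buf) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    (header_size, clsid, flags, _attrs, ctime, _atime, wtime,
     file_size, _icon_index, show_command) = struct.unpack_from("<I16sIIQQQIiI", buf, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:        # skip LinkTargetIDList: uint16 size + items
        (id_list_size,) = struct.unpack_from("<H", buf, off)
        off += 2 + id_list_size
    if flags & HAS_LINK_INFO:                  # skip LinkInfo: uint32 size includes itself
        (link_info_size,) = struct.unpack_from("<I", buf, off)
        off += link_info_size
    info = {
        "flags": flags,
        "file_size": file_size,
        "show_command": show_command,
        "created": filetime_to_datetime(ctime),
        "modified": filetime_to_datetime(wtime),
    }
    is_unicode = bool(flags & IS_UNICODE)
    for bit, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:                        # StringData fields appear in this fixed order
            info[name], off = _read_string_data(buf, off, is_unicode)
    return info


def triage_lnk(buf):
    """Flag the properties an analyst checks first on a dropped shortcut."""
    info = parse_lnk(buf)
    findings = []
    if info.get("arguments"):
        findings.append("carries command-line arguments: " + info["arguments"])
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window starts minimized (SW_SHOWMINNOACTIVE)")
    return info, findings


def build_sample_lnk(relative_path, working_dir, arguments, show_command=1):
    """Constructed test input (not one of the report's files): header + StringData only."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    ft = datetime_to_filetime(datetime(2024, 10, 4, 1, 28, 29, tzinfo=timezone.utc))
    header = struct.pack("<I16sIIQQQIiIHHII", HEADER_SIZE, LNK_CLSID, flags, 0x20,
                         ft, ft, ft, 1210144, 0, show_command, 0, 0, 0, 0)

    def string_data(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(working_dir) + string_data(arguments)


if __name__ == "__main__":
    sample = build_sample_lnk(r"..\..\..\chrome_proxy.exe",
                              r"C:\Program Files\Google\Chrome\Application",
                              "--profile-directory=Default --app-id=hypothetical",
                              SW_SHOWMINNOACTIVE)
    info, findings = triage_lnk(sample)
    print(info["relative_path"], info["modified"].isoformat())
    for finding in findings:
        print("*", finding)
```

On a real dropped file, read its bytes and pass them to `triage_lnk`; the parser skips the LinkTargetIDList and LinkInfo blocks rather than decoding them, so for the absolute target path you still need the LinkInfo or the relative path plus working directory. The arguments string is what the shell appends to the target's command line when the shortcut is opened, which is why it is the first field to read when a shortcut appears somewhere that runs automatically or is easy to click.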
                          No static file info