
Windows Analysis Report
http://www.holidaybunch.com

Overview

General Information

Sample URL: http://www.holidaybunch.com
Analysis ID: 1540514

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
HTML page contains obfuscated javascript
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,12324901844636759883,3773517799946509148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.holidaybunch.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: http://www.holidaybunch.com/ | LLM: Score: 9 Reasons: The brand 'CloudFlare' is well-known and typically associated with the domain 'cloudflare.com'., The URL 'www.holidaybunch.com' does not match the legitimate domain for CloudFlare., The URL does not contain any direct reference to CloudFlare, which is suspicious., The presence of input fields labeled as 'unknown' suggests a potential phishing attempt to gather user information., The domain 'holidaybunch.com' does not have any known association with CloudFlare. DOM: 1.0.pages.csv
Source: http://www.holidaybunch.com/ | HTTP Parser: document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%3E%0A%0A%3C%68%74%6D%6C%20%6C%61
Source: http://www.holidaybunch.com/ | HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: http://www.holidaybunch.com/ | HTTP Parser: No favicon
Source: http://www.holidaybunch.com/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.26.2Date: Wed, 23 Oct 2024 19:13:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 8172Connection: keep-aliveLast-Modified: Tue, 22 Oct 2024 14:02:47 GMTETag: "12be8-625113957efc0-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3d db 8e eb b8 91 5f 63 24 79 d9 95 48 4a b4 81 20 40 b7 65 ff c7 62 76 1e f2 b0 d9 60 66 82 fd fd 15 eb c2 3b 65 92 92 dd 7d 4e 0c 18 86 5b cd 4b b1 aa 58 77 52 7f fd fd 97 df fe fe cf 3f fe f6 df ff fb cb bf fe e7 d7 7f fc f1 1f ff f7 db df ff f8 f5 cf ff fa c7 af bf ff f2 5f ff fc f5 cf 7f 3a c9 eb 49 8c 27 a5 4e ea 7e 52 f2 34 a9 d3 74 39 4d c3 49 4d 27 31 9c e6 f3 49 ab d3 bc 9c e6 eb 49 de 4e c3 87 f9 ac 5d fc e7 a6 d9 fa 64 3c cd b7 d3 ac 4f 72 39 09 71 9a 27 f3 e7 fa 03 7b ad 6d ec 07 bb 9b 06 6b 17 95 69 10 37 5e 4c 63 33 dd 08 73 49 e8 3e 9e b4 38 69 49 ff c2 49 35 36 9b 4f 62 39 c9 73 7e f6 68 70 d3 fe 02 df 57 33 d4 da 5e 7d c0 38 d2 3c 34 d3 e1 a4 2b 0c 77 82 64 5d 97 f9 d7 8d 3e 06 81 f7 cc 38 88 ab ad 75 5d 4d 17 83 b4 4f f3 44 23 d2 ae bc 16 00 40 5f 68 40 2d 19 69 b0 c6 b5 01 51 07 7b cd 8c 76 a0 8b f9 0c a6 8b fc 30 b0 19 f0 26 c2 d5 0a f0 da d8 ac e5 46 28 d5 9a c7 e7 05 9a 36 fc a7 e9 cb 80 21 c9 08 e7 12 fe b5 ce 0b ed e5 c0 df 77 d3 57 4b 6a 60 48 0c 2b c5 31 e9 39 d0 05 f1 80 ec 64 c6 94 30 d1 05 20 b7 5c 71 36 d0 6a c0 f9 2c 09 c9 08 fc fa 2f 71 01 bc 7d 26 78 86 25 af 3f 54 a9 2f 4c 31 df 1d da d7 85 98 6f 41 44 37 ff 05 6c 47 bc ad 91 69 35 ff 8b 59 11 ff bb 3e 8c 20 29 02 9f 9b 57 15 26 52 c9 2c 5b 6b f7 67 bf c0 5e 18 00 8d b0 5e 03 c6 14 b3 71 e9 5f ca 12 3d 6a ef c1 69 06 1f 0d ef 19 f6 1b cc 38 48 44 03 27 f2 36 30 80 bf b4 1a c8 83 55 3c 0d f2 7a 98 e5 26 b4 7a 89 ff 8b 4f 4a 6c 39 49 62 3f e4 81 98 df 0a f0 6c b0 62 cc 75 92 37 b8 15 62 35 74 b1 08 79 0e c2 11 87 c5 ad ba 10 cc 24 45 01 60 dc 41 ee 77 b2 11 8c 30 f1 f7 72 61 db a2 18 27 c1 88 78 b0 ca a2 0e 7b b3 
d5 35 c2 ed 59 87 b1 1b 3c d1 b4 10 cd da ca df f2 aa 34 c8 79 9f 28 b8 64 98 b3 08 f0 2d ff af 23 e5 c3 95 76 f7 36 ce 49 37 0d f4 5f 0d 7a 0d fb 6e f4 5a e5 f9 0c 0a 91 06 11 34 c8 b4 4e a7 43 8a eb d3 b4 d0 4e b4 28 2a f2 1e ea 6e 09 dd 05 2d 8a 44 34 6e 19 d0 aa ab 51 61 78 03 b5 b6 24 ad ed b8 05 41 3a 33 cf 58 9c a4 0c b6 81 6a b0 88 66 c0 2d 92 86 50 7d 25 08 71 16 e2 37 60 1e b3 f0 1c 0c 3e 00 6b 1b c2 6d 59 99 ce e1 8c 55 fa 25 ea 72 03 dd 2d e2 e7 4a 91 89 62 28 3b 11 f9 50 85 a5 ac 6b e8 c5 a0 a2 8c 22 bb a5 9b 88 d2 40 65 00 90 a4 10 91 7c 66 8a 4f 00 15 78 6c be 93 49 39 2b ea 65 36 da 9d f6 23 12 cb f0 a4 64 7d 8a 66 92 06 23 10 00 56 92 99 76 fd f3 d3 08 79 33 02 cc 68 d6 fb 69 88 18 09 34 dc ce 5a 78 a6 17 0e 35 32 96 2a c7 81 45 59 53 d0 3c 07 f4 3e 9d f1 2c 02 51 62 6b e0 a5 27 31 9b 67 cc 64 46 e0 59 10 ff 8a 01 33 c3 5e cd 27 cb ae be 67 e1 ba 40 2f 31 c3 27 cb e4 21 45 fc b9 36 7a 59 5c 89 1b 29 2c 83 db 3b 9b df 02 98 81 ad 6b 6b e0 a1 65 85 5a 06 45 9c e8 b0 a0 9e b0 4f a3 3d 5b 6b 85
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: www.holidaybunch.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /Just%20a%20moment..._files/v1(1) HTTP/1.1
    Host: www.holidaybunch.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://www.holidaybunch.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: www.holidaybunch.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://www.holidaybunch.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.holidaybunch.com
Source: global traffic | DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic | DNS traffic detected: DNS query: i.ibb.co
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Wed, 23 Oct 2024 19:13:00 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 65 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 6a c3 30 10 44 ef fe 8a 6d 4e ed a1 5a 27 b8 90 83 10 b4 b1 43 03 6e 6a 5a f9 d0 a3 62 6d 90 c1 b1 5c 49 ae c9 df 57 76 28 f4 b2 30 bb 33 8f 59 7e 97 bf ef e4 57 55 c0 ab 7c 2b a1 aa 5f ca c3 0e 56 8f 88 87 42 ee 11 73 99 df 2e 1b 96 22 16 c7 95 48 b8 09 97 4e 70 43 4a 47 11 da d0 91 c8 d2 0c 8e 36 c0 de 8e bd e6 78 5b 26 1c 17 13 3f 59 7d 9d 73 6b f1 cf 13 55 c2 07 21 0d 81 a3 ef 91 7c 20 0d f5 47 09 93 f2 d0 47 d6 79 66 81 ed 21 98 d6 83 27 f7 43 8e 71 1c 66 92 8b 43 69 ed c8 7b f1 3c a8 c6 10 6e 58 c6 9e b6 70 5f 9f c6 3e 8c 0f f0 b9 04 40 05 98 a6 89 19 db b5 5a 5d e3 ad 31 ac b1 17 a8 ac 0b b0 4d 39 fe 61 62 db a5 67 2c 3d ff 97 fc 02 62 ca c6 a0 1a 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: edMj0DmNZ'CnjZbm\IWv(03Y~WU|+_VBs."HNpCJG6x[&?Y}skU!| GGyf!'CqfCi{<nXp_>@Z]1M9abg,=b0
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Wed, 23 Oct 2024 19:13:03 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 65 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 6a c3 30 10 44 ef fe 8a 6d 4e ed a1 5a 27 b8 90 83 10 b4 b1 43 03 6e 6a 5a f9 d0 a3 62 6d 90 c1 b1 5c 49 ae c9 df 57 76 28 f4 b2 30 bb 33 8f 59 7e 97 bf ef e4 57 55 c0 ab 7c 2b a1 aa 5f ca c3 0e 56 8f 88 87 42 ee 11 73 99 df 2e 1b 96 22 16 c7 95 48 b8 09 97 4e 70 43 4a 47 11 da d0 91 c8 d2 0c 8e 36 c0 de 8e bd e6 78 5b 26 1c 17 13 3f 59 7d 9d 73 6b f1 cf 13 55 c2 07 21 0d 81 a3 ef 91 7c 20 0d f5 47 09 93 f2 d0 47 d6 79 66 81 ed 21 98 d6 83 27 f7 43 8e 71 1c 66 92 8b 43 69 ed c8 7b f1 3c a8 c6 10 6e 58 c6 9e b6 70 5f 9f c6 3e 8c 0f f0 b9 04 40 05 98 a6 89 19 db b5 5a 5d e3 ad 31 ac b1 17 a8 ac 0b b0 4d 39 fe 61 62 db a5 67 2c 3d ff 97 fc 02 62 ca c6 a0 1a 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: edMj0DmNZ'CnjZbm\IWv(03Y~WU|+_VBs."HNpCJG6x[&?Y}skU!| GGyf!'CqfCi{<nXp_>@Z]1M9abg,=b0
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: classification engine | Classification label: mal60.phis.win@16/10@12/105
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,12324901844636759883,3773517799946509148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.holidaybunch.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,12324901844636759883,3773517799946509148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: screenshot | OCR Text: x e about:blank X Just a moment.. C A Not secure I halidaybunch.cam CloudFlare Veri lg the action below. Complete these Ver'ification Steps To better prove you are not a robot. please: 1. Press & hold the Windows KeyC + R 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. Clou curity of your You will observe and agree: E "Verify you human Rey Verification 10: 484" conn Perform the steps above to VERIFY finish verification. Ray 10: Performance & security by Cloudflare 15:13 ENG p Type here to search SG 23/10/2024
Source: screenshot | OCR Text: x e about:blank X Just a moment.. C A Not secure I halidaybunch.cam CloudFlare Veri lg the action below. Complete these Ver'ification Steps To better prove you are not a robot. please: 1. Press & hold the Windows KeyC + R 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. Clou curity of your You will observe an gree: E "Verify you human Rey verification 10: USA" conn Perform the steps above to VERIFY finish verification. Ray 10: Performance & security by Cloudflare 15:13 ENG p Type here to search SG 23/10/2024
Source: Chrome DOM: 1.1 | OCR Text: CloudFlare Verify lg the action below. Complete these Verification Steps To better prove you are not a robot, please: 1. Press & hold the Windows Key + R 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. Clou You will observe and agree: curity of your E "Verify you huttari Rey Verification 10: S4S4" conn Perform the steps above to VERIFY finish verification. Ray 10: Performance & security by Cloudflare
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (one line per tactic; a number in parentheses is the report's match count for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Browser Extensions (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (4)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches
Domains

Name                  IP               Active   Malicious  Antivirus Detection  Reputation
www.holidaybunch.com  188.127.227.229  true     true                            unknown
www.google.com        142.250.181.228  true     false                           unknown
i.ibb.co              162.19.58.161    true     false                           unknown
use.fontawesome.com   unknown          unknown  true                            unknown

URLs

Name                                                          Malicious  Antivirus Detection  Reputation
http://www.holidaybunch.com/                                  true                            unknown
http://www.holidaybunch.com/favicon.ico                       true                            unknown
http://www.holidaybunch.com/Just%20a%20moment..._files/v1(1)  true                            unknown
[Map legend (map image not included): No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]
IPs

IP               Domain                Country             ASN      ASN Name                       Malicious
142.250.186.78   unknown               United States       15169    GOOGLEUS                       false
162.19.58.160    unknown               United States       209      CENTURYLINK-US-LEGACY-QWESTUS  false
162.19.58.161    i.ibb.co              United States       209      CENTURYLINK-US-LEGACY-QWESTUS  false
172.67.142.245   unknown               United States       13335    CLOUDFLARENETUS                false
142.251.5.84     unknown               United States       15169    GOOGLEUS                       false
172.217.18.3     unknown               United States       15169    GOOGLEUS                       false
188.127.227.229  www.holidaybunch.com  Russian Federation  56694    DHUBRU                         true
142.250.185.110  unknown               United States       15169    GOOGLEUS                       false
239.255.255.250  unknown               Reserved            unknown  unknown                        false
142.250.181.228  www.google.com        United States       15169    GOOGLEUS                       false
172.217.16.196   unknown               United States       15169    GOOGLEUS                       false
172.217.16.195   unknown               United States       15169    GOOGLEUS                       false
Private IP: 192.168.2.16
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540514
Start date and time: 2024-10-23 21:12:22 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://www.holidaybunch.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.phis.win@16/10@12/105
  • Exclude process from analysis (whitelisted): svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.251.5.84, 142.250.185.110, 34.104.35.123, 172.67.142.245, 104.21.27.152
  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com, use.fontawesome.com.cdn.cloudflare.net
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: http://www.holidaybunch.com
Input / Output (AI phishing checks)

URL: http://www.holidaybunch.com/ Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Verify you are human by completing the action below.",
  "prominent_button_name": "Verify you are human",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: http://www.holidaybunch.com/ Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "CloudFlare"
  ]
}
```
URL: http://www.holidaybunch.com/ Model: gpt-4o
```json
{
  "legit_domain": "cloudflare.com",
  "classification": "wellknown",
  "reasons": [
    "The brand 'CloudFlare' is well-known and typically associated with the domain 'cloudflare.com'.",
    "The URL 'www.holidaybunch.com' does not match the legitimate domain for CloudFlare.",
    "The URL does not contain any direct reference to CloudFlare, which is suspicious.",
    "The presence of input fields labeled as 'unknown' suggests a potential phishing attempt to gather user information.",
    "The domain 'holidaybunch.com' does not have any known association with CloudFlare."
  ],
  "riskscore": 9
}
```
Google indexed: False
URL: www.holidaybunch.com
Brands: CloudFlare
Input Fields: u, n, k, n, o, w, n
URL: http://www.holidaybunch.com/ Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Verification Steps",
  "prominent_button_name": "VERIFY",
  "text_input_field_labels": [
    "Press & hold the Windows Key  R",
    "In the verification window, press Ctrl + V",
    "Press Enter on your keyboard to finish"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
```
URL: http://www.holidaybunch.com/ Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "CloudFlare"
  ]
}
```
Dropped files

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 18:12:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2673
Entropy (8bit): 3.9847901122617144
Encrypted: false
SSDEEP:
MD5: 746110524B6B44DBE191012D4E6CF02C
SHA1: 38988D9EB71159F7910C947B7436D1FA3CC59805
SHA-256: 484E0A3231D0CF34BE5B602DC907C589B3A65640386E7F7CDC2455A8636336CE
SHA-512: 4053A01E6F4AFD039D72F784D1BFFEE8032530376026E8FF083F84EE9B6772B7F59AED5870668B963E134FD3E1B6C8B6CF3C60AC88EBD68B560C6464E4B0A0DC
Malicious: false
Reputation: unknown
                Preview:L..................F.@.. ...$+.,....n.D..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 18:12:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 4.003421216852997
Encrypted: false
SSDEEP:
MD5: E39EB639F7DA5EA9F5DBE426DFABDF01
SHA1: E02A28C61F3D3DA810AC1FDAD76D326E9A937256
SHA-256: D1C46FD761D46BF587A0ABECBD1B632F91225FC5FCDF47F6FEA329A818DB42E3
SHA-512: FA7C852EC1AC8DF917BD9C38DE55EC30D986F566BF11F256CEEE6B58C7970D1418E46D57CA0A787B7D57C7263F3A6DE1D25E8F891B367094E882E11D93D81426
Malicious: false
Reputation: unknown
                Preview:L..................F.@.. ...$+.,......9..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2689
                Entropy (8bit):4.010359376386702
                Encrypted:false
                SSDEEP:
                MD5:9B9851484485EE8D42FB28D4A37F94D9
                SHA1:0341595CFC67FAC78C21C39CF8D826928B00885B
                SHA-256:4003CA649F37C0DF86F6297B1BD36762DE0CA7F0AF72FEAE015E25267F9ADD17
                SHA-512:2D8A0267950D549EA0A97E639E9833741BD498AC80885D79169C98D28ECE1034ADE4EB5A9FAD13E03C874203524B0441A5CBEC2E122083D8AEBF256DD4EE1874
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 18:12:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):4.000295132999291
                Encrypted:false
                SSDEEP:
                MD5:C2EF1C7BB7FFA63E8DB6BD32BFE93124
                SHA1:2E25053A912A71FBA43F1B6CB4A9E47FAB148D0A
                SHA-256:1FB875693AF8DF1B6614930A3C16CAE6104F996D6F895BCECB7E3535511517A6
                SHA-512:AAE83EDCD12BD226624EA3535AA503285A5C50EDB481E21C63961482E9712C73C3F02068A50DAC5B13BDBAB493811DEB9A04FC4FE2FE6112F34CE03BCB5AB477
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,......2..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 18:12:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9893671866738605
                Encrypted:false
                SSDEEP:
                MD5:4E9CE97948AEE3803305B58706F4CAA8
                SHA1:DD4F507EB2BACBA0E047DB5B865F952EF3F81DC1
                SHA-256:9E517F2FD6CF19F5C42A3BE5B26EA977E7333EB5ED2EFCCC193CB1F5FB17B9B7
                SHA-512:8592E5E48CBEFC497C421CB65198371CDD0CF1733CF33ABE40D2D5C6FF8A5F21078AC99D54800ED3E3B20974FD7C63F0F901B04DB4F4CC1F4A7986645DF4B48D
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....K.?..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 18:12:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):3.9986344195735413
                Encrypted:false
                SSDEEP:
                MD5:2D46A6E9BF02B7FBF1B7D4E8D8C92E3E
                SHA1:0FE1ED6D0AE03392AD58490F3771EEB540E88D18
                SHA-256:242A9359AD2447F28E07B2CC275C69BED47B7BE5052551164C735C40A9F76354
                SHA-512:201C250B6AA55ED6F1B56E09A6450FFC70AA201E15A8C7F8EF72189F8C3B704042AB160E105006884990879E17AC7796D160743147C0C46E097C4009FBC9CFDE
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,......'..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:gzip compressed data, max speed, from Unix, original size modulo 2^32 282
                Category:downloaded
                Size (bytes):237
                Entropy (8bit):7.137877227893202
                Encrypted:false
                SSDEEP:
                MD5:4EBD6A6501B155302CA28530D9F11087
                SHA1:3F1F8382A059E6C6F7D130A1F1FCC9FD5EE9DE53
                SHA-256:EE4FAC124546A9AC95FE385093924E6589825534B4BB1BE335ABB90D9DDA8293
                SHA-512:A02703D4A9B7128457871B89C810FB8A72018182815396D9199FA99F569D4ADF6A874E42903EEE44D09B0D92C3785155F1D79D8D33F70BDA1EE1322A45DAB1BA
                Malicious:false
                Reputation:unknown
                URL:http://www.holidaybunch.com/Just%20a%20moment..._files/v1(1)
                Preview:..........M..j.0.D...mN.Z'......C.njZ..bm...\I...Wv(..0.3.Y~....WU..|+.._...V...B..s....."..H...NpCJG.......6....x[&...?Y}.sk...U..!....| ..G....G.yf..!..'.C.q.f..Ci..{.<...nX..p_..>....@......Z].1.......M9.ab.g,=....b......
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:gzip compressed data, from Unix, original size modulo 2^32 76776
                Category:downloaded
                Size (bytes):8172
                Entropy (8bit):7.97552952586594
                Encrypted:false
                SSDEEP:
                MD5:43DCAC37942B32A4083DF6036E82E145
                SHA1:7EA4B407B27A53AC34E06AE834D0B81D55896CE1
                SHA-256:98A3B617E70383455CD61A38F9D8F323C06B7EA81111A2E1AC4F6A81872E4FD4
                SHA-512:F3B25E4FAD3A04789FD857F1AD06B853EC5B0CF852E1DD0090ED2B4E2CE50B6AFF82173A25C22FE9952F8BC77265EBEC43B929534FC4AF8D39383A2E0CF57C9C
                Malicious:false
                Reputation:unknown
                URL:http://www.holidaybunch.com/
                Preview:...........=.._c$y.HJ.. @.e..bv...`f......;e...}N...[.K..XwR........?..........................._.....:..I.'.N.~R.4..t9M.IM'1...I.....I.N...]....d<..Or9.q.'....{.m.....k..i.7^Lc3..sI.>..8iI..I56.Ob9.s~.hp....W3..^}.8.<4..+.w.d]...>....8...u]M...O.D#....@_h@-.i...Q.{.v.......0...&.......F(.....6....!............w.WKj`H.+.1.9....d.0.. .\q6.j..,...../q..}&x.%.?T./L1.....oAD7..lG...i5..Y...>. )...W.&R.,[k.g..^....^....q._..=j..i........8HD.'.60.....U<..z..&.z...OJl9Ib?....l.b.u.7..b5t..y........$E.`.A.w...0..ra..'..x...{..5..Y...<.......4.y.(.d....-..#..v.6.I7.._.z..n.Z.......4.N.C....N.(*...n...-.D4n...Qax...$...A:3.X.....j..f.-..P}%.q..7`.....>.k..mY...U.%.r..-..J..b(;..P...k....".....@e.....|f.O..xl..I9+.e6..#...d}.f..#..V..v....y3..h..i...4..Zx...52.*.EYS.<..>..,.Qbk.'1.g.dF.Y....3.^.'..g.@/1.'..!E..6zY\..),..;......kk.e.Z.E....O.=[k..haV.D......P..N..'.6..'....N.....%..m...z.............."..L.-.H.5.."h...~e.0.}.NjM).IRR...tA;\....
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:Web Open Font Format (Version 2), TrueType, length 52648, version 1.0
                Category:downloaded
                Size (bytes):52648
                Entropy (8bit):7.996033428788516
                Encrypted:true
                SSDEEP:
                MD5:657E828FB3A5963706E24CBF9D711BB8
                SHA1:84C08557D977E0A46EC8941B2D84235069DAB229
                SHA-256:45E39853C41558C4922FF1B0895547A99E378F136EC3D9D2F4DF15CC269485FA
                SHA-512:EEBEDF24A2516B860FFA2C9241474157604F8FC2EDC9E3BF3C0A0DDDF3168519F13FC195D48D232ED8F4A5DB1C48EF0563D62B2E2BDCF55F936CBD319AB18E16
                Malicious:false
                Reputation:unknown
                URL:https://use.fontawesome.com/releases/v5.0.0/webfonts/fa-brands-400.woff2
                Preview:wOF2.............r....V.........................T.V..f...h..X.6.$..|..... ..*..m[.#qB.......*...v......@(B...............1......T+.....d.2OaAf.j.....b.>.........?2|/F...PR*J4[ &..b....E......../...q..4`M*D.c...-|.a.q.b..h..m..4....... ..N...?B....k.?.Ja.F7=....u|....zx..z..L.....ht......:w.-.P..!...Yh..q.=..'aP[........ .d.u......D65...,.HD.6..........8..4...(...V.........Q..../...8@.+J.B*..I.L........N...sn.n............&.5.rC0.nc,.X...".0r......D.."*F.6........b..._.....q$.c.[.y......../.0..#..$,.?..P......_...J..&...).c^.do...;~.....^...K...........7.[...BN..I.o.8.....{.....K.I#....~w._[e..... ..C@.n*.qd.....]T..Im.....';...."Y.,S$.I.N...6....m.!...;...2.m9E.\..d.=.W...{...S.#...y$T...]G...Bdp^.#.B....@a];.Q}....._.f..Y.I-....!9...].F/a.[.^..0..VMw..@..]...[.......-.~....U..)m....fc..N..-..iI.l]........u.{..k.y....+)X-.+p.V<.19.q.u8...T....n"..u....~..lIj.\..l....Pa$.$....i.....4%.....k.....e...\l9d..d...R.ij..NHRP:..>...s`.|
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (33229)
                Category:downloaded
                Size (bytes):33407
                Entropy (8bit):4.7584710387647835
                Encrypted:false
                SSDEEP:
                MD5:E35D9C4EBAEA0573DF8E4A9505B72EEA
                SHA1:5FBB384CD8CD7A64483E6487D8D8179A633F9954
                SHA-256:9F29F2BBB25602F4BDBD3122C317244F8FD9741106FFD5A412574B02EE794993
                SHA-512:C571015753B927017B3BEC2B1C0B0103DE27DCC5E805E1DAF8A1459E0F797ABA38FF0592F93CBEC80B98F574B18455DDBC65A1F38A8AED5ACF14EB8CE2D7265C
                Malicious:false
                Reputation:unknown
                URL:https://use.fontawesome.com/releases/v5.0.0/css/all.css
                Preview:/*!. * Font Awesome Free 5.0.0 by @fontawesome - http://fontawesome.com. * License - http://fontawesome.com/license (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float
                No static file info