Windows
Analysis Report
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 5948 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA) - chrome.exe (PID: 5584 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2124 --fi eld-trial- handle=199 2,i,333924 3644608925 066,149390 5012866522 9828,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 6132 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://email .sg.on24ev ent.com/ls /click?upn =u001.7kf5 QUY4LGF7Fz t7LGE4bbPP sSPtBC4KXS PVJqWhtiEP aEHJJFgiYX plLAcJlrHd y76l2h27xH Zp5eIOOCTK E9AqS-2Bsu tjmvUi4loA aZ10inxPsZ L2n-2Fn4yg Pw-2F6fF0F zgy-2BxjcW CB1aUPXBvU GF5GOSTWCj RuSi4ljDPH PHRxw-3D0w BZ_4VIg6VJ N1oGMejs7X 4BG-2B8Dx7 zlW0DqHdFI QA-2FbNUlb N2-2BhKLCj q9fMbE2gO6 OgqIjiVOui OKdJ54uR6v KH6LxoJmXa YyDP06FLny x33hmQsw-2 FTLIWM0L17 txasliYDS4 53bsTnKeaN Az2-2FJ-2B -2Byfa5Q-2 B2vvSWAbdf 9Dl2Z5wdwG UCwGK20TRy CfKegt6U47 bTw4aNEK1l PSfdulvmXn ziT-2B8RrR ELZp74sw7D YTpX78Y58L bZ84Gai2-2 BvpeTXGo5H -2B9KDMXCd G73osLK2H7 07FMBLYtaJ M-2BRceDdT ow55LEk3Ze 7e8rmRBE3P -2FDHlXbbg Ne3pQzEVX- 2FHWSTwKIE aHg-3D-3D" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.217.16.196 | true | false | unknown | |
r-email.sg.on24event.com | 199.83.44.68 | true | false | unknown | |
r-event.on24.com | 199.83.44.71 | true | false | unknown | |
event.on24.com | unknown | unknown | false | unknown | |
email.sg.on24event.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false | |
2.16.238.162 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
2.16.164.96 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
64.233.166.84 | unknown | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
199.83.44.71 | r-event.on24.com | United States | 18742 | ON24-SACUS | false | |
216.58.212.163 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.184.206 | unknown | United States | 15169 | GOOGLEUS | false | |
199.83.44.68 | r-email.sg.on24event.com | United States | 18742 | ON24-SACUS | false | |
172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false | |
172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false | |
216.58.212.170 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.18 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1540580 |
Start date and time: | 2024-10-23 23:13:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2gO6OgqIjiVOuiOKdJ54uR6vKH6LxoJmXaYyDP06FLnyx33hmQsw-2FTLIWM0L17txasliYDS453bsTnKeaNAz2-2FJ-2B-2Byfa5Q-2B2vvSWAbdf9Dl2Z5wdwGUCwGK20TRyCfKegt6U47bTw4aNEK1lPSfdulvmXnziT-2B8RrRELZp74sw7DYTpX78Y58LbZ84Gai2-2BvpeTXGo5H-2B9KDMXCdG73osLK2H707FMBLYtaJM-2BRceDdTow55LEk3Ze7e8rmRBE3P-2FDHlXbbgNe3pQzEVX-2FHWSTwKIEaHg-3D-3D |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@18/25@8/140 |
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.16.195, 64.233.166.84, 142.250.186.78, 34.104.35.123, 2.16.238.162, 2.16.238.156
- Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, a744.dscw10.akamai.net, clientservices.googleapis.com, on24static.akamaized.net, clients.l.google.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2gO6OgqIjiVOuiOKdJ54uR6vKH6LxoJmXaYyDP06FLnyx33hmQsw-2FTLIWM0L17txasliYDS453bsTnKeaNAz2-2FJ-2B-2Byfa5Q-2B2vvSWAbdf9Dl2Z5wdwGUCwGK20TRyCfKegt6U47bTw4aNEK1lPSfdulvmXnziT-2B8RrRELZp74sw7DYTpX78Y58LbZ84Gai2-2BvpeTXGo5H-2B9KDMXCdG73osLK2H707FMBLYtaJM-2BRceDdTow55LEk3Ze7e8rmRBE3P-2FDHlXbbgNe3pQzEVX-2FHWSTwKIEaHg-3D-3D
Input | Output |
---|---|
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307 | ```json { "contains_trigger_text": true, "trigger_text": "If you have previously registered for this event, please login below:", "prominent_button_name": "LOGIN", "text_input_field_labels": [ "Email" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false } |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307 | ```json { "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "REGISTER", "text_input_field_labels": [ "Title*", "Email*", "Industry*", "Country*", "State*", "Postal Code*" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false } |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307 | ```json { "brands": [ "ON24" ] } |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307 | ```json { "brands": [ "ON24" ] } |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: gpt-4o | ```json{ "legit_domain": "on24.com", "classification": "known", "reasons": [ "The URL 'event.on24.com' is a subdomain of 'on24.com', which is the legitimate domain for ON24.", "ON24 is a known brand that provides webcasting and virtual event services.", "The use of a subdomain 'event' is consistent with the services offered by ON24, as it relates to events and webcasts.", "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.", "The presence of an email input field is typical for event registration pages, which aligns with ON24's services." ], "riskscore": 2} |
URL: event.on24.com Brands: ON24 Input Fields: Email | |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: gpt-4o | ```json{ "legit_domain": "on24.com", "classification": "known", "reasons": [ "The URL 'event.on24.com' is a subdomain of 'on24.com', which is the legitimate domain for ON24.", "ON24 is a known brand that provides webcasting and virtual event services.", "The URL does not contain any suspicious elements such as misspellings or unusual domain extensions.", "The input fields are typical for event registration, which aligns with ON24's services." ], "riskscore": 2} |
URL: event.on24.com Brands: ON24 Input Fields: Title*, Email*, Industry*, Country*, State*, Postal Code* | |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307 | ```json { "contains_trigger_text": true, "trigger_text": "Evidence-Based Empowerment and Financial Support for a System-Wide MRI Safety Program", "prominent_button_name": "unknown", "text_input_field_labels": [ "First Name", "Last Name", "Company", "Title", "Email", "Industry", "Country" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false } |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307 | ```json { "brands": [ "Metrasens" ] } |
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: gpt-4o | ```json{ "legit_domain": "metrasens.com", "classification": "unknown", "reasons": [ "The URL 'event.on24.com' does not directly match the brand 'Metrasens'.", "ON24 is a known platform for webinars and virtual events, which could be used by various brands including Metrasens.", "The URL 'event.on24.com' is a subdomain of 'on24.com', which is a legitimate domain for ON24.", "The brand 'Metrasens' is not widely recognized, hence classified as 'unknown'.", "The input fields are typical for event registration forms, which aligns with ON24's services." ], "riskscore": 3} |
URL: event.on24.com Brands: Metrasens Input Fields: First Name, Last Name, Company, Title, Email, Industry, Country |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9764241418319894 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5BDC5C76E6FB8CBBA8C4DB2B1CA86EE6 |
SHA1: | 68FD28977804A4F3ED7ECE5056567216AC3D61D8 |
SHA-256: | 7C942697C74B51118320AC471DC5CDB93173D717EF8C5D2EDE29A910D82E8D10 |
SHA-512: | 31C2D518FDE6E992B55203E2218A3EBDFD8084BC4ED9F9AABD7F0D60F86F9E8482C18E1DC72EEA4DB67C4C4337D4BF59B850A97630B26B18FAD3D32AFE87151D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.990461614623504 |
Encrypted: | false |
SSDEEP: | |
MD5: | C47DEEBF446337E56D5C50F0DF038F63 |
SHA1: | B6AEB816CA7F48BDDB1B2D539DAB0E5187860B34 |
SHA-256: | 341F5FA5DF09E42A290A9AE0CBB66F9AB01859689ACEE681124891F621BE6939 |
SHA-512: | 9584EA83CD5FB71FF0F8C65E196B99A16BF72CDE6742C351714AB77DD8CB70A7306588421A14BDBEF392127916CDB7A4105FF2DCA17090E70C393A7887D58409 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2691 |
Entropy (8bit): | 4.00114613158096 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4CED6CDEBA1B667A45A14FC19F035F10 |
SHA1: | 73D1546A99C0FA74ECB1BD483F6FA83F4A154275 |
SHA-256: | 337FDCE69D62C5925912A8FD31CFAFF85089784B6743A73FA70EF98E106ADA4F |
SHA-512: | 175CF53DE45A1E50CF15EF31BF40EB208ADE7F554C66E4E2F7E7C00EF17103A5EDBEE48767497083765DF829AC8FC42229EF27031B29EE3A98E91A86B6F76E40 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.988498632394872 |
Encrypted: | false |
SSDEEP: | |
MD5: | D9BD1C7458D50E1B0629983A5F947AF8 |
SHA1: | DE278CA258B618045D2D07EE6CBF21AB8AA2B940 |
SHA-256: | 2B12C17124B73F7E625830E8347C902636F6D6AB330A4965EF1802A529EE2AC3 |
SHA-512: | 5CC851FF8BAB5DA4BF4F45B8D9F47DD13B29C76962739808877C2918F482546A9247989EF0540216732ED511BD1A5BA16E2054D3508CF871F1A16576A75A8766 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.978002011674605 |
Encrypted: | false |
SSDEEP: | |
MD5: | 86E8B69E56E55C9B179AE7ED1E266028 |
SHA1: | F58F098521A8D3808835D0D58C837F10D80D040F |
SHA-256: | 85C9FE13E769D7E179C9CFA7EF351F33021DCECDB3B46559F96B3FEE80F54F73 |
SHA-512: | 9672A523C8BA79EC794FC16C56BA41BCB09E20474198D2ACC987C5FEE3919E348261A378FC03701DD03F70B4601B63B3E58C620EAE415B7A424401F48ABD8294 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9855268476080883 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6A175843E32108D40A47762EEE9FDEAB |
SHA1: | 7405FD025F2C75230FC83402A4E570B73CCDE67C |
SHA-256: | BD806C35A9AAB996A3339DA0083D4FAB7F9B52B80E1F335ECCA503649CB93E8E |
SHA-512: | FDA5867F92C1DF21F6382347782EED63691535FCB725A2D0A02A102BB8C4CE8427D48BC9BD300DEE82FE4FB021391685B586EEE4E3782A3F1B20C8C73DE0734F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 235472 |
Entropy (8bit): | 7.995452823016873 |
Encrypted: | true |
SSDEEP: | |
MD5: | A1F67B3626AA6C1DDE47A21214A2BACD |
SHA1: | FB5BFEF666DB079A581438CAFA4990A72CF60EF1 |
SHA-256: | 4DE12927BA915B8E2C311F0F99DE411118D7C8143513CE3F78068F6F44B0C4B2 |
SHA-512: | 223D1AD1B1BA7B4D267430F758F6DCC9DE618452A8EC68F7A4C4F3B81443B4757D66328CCCAAD6A0F236A6CA5A7B9E9855E667A0DDB4884FD17DAE13A9E84C58 |
Malicious: | false |
Reputation: | unknown |
URL: | https://on24static.akamaized.net/view/eventregistration/fonts/font-segoe_ui/segoeui.woff |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 84352 |
Entropy (8bit): | 7.988901137195488 |
Encrypted: | false |
SSDEEP: | |
MD5: | 962E5E46D2E26971E766E8536364C700 |
SHA1: | FF86A58C3D581A851A62A2DAE19FD21385F3532D |
SHA-256: | 1C0F4A9A39C707C1177F88B2515094D9932B0874C676D731FD714C3410094623 |
SHA-512: | EBBA8E6AB558CEF23378D1FB55339EB0E589AD7DE02FB60898C8DCF40D62C595CEC897C18B45F17A3601386A19F0C256743FF60C36136A39DCA8E16E7370CC0E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1454 |
Entropy (8bit): | 7.7959366611713214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6CBF43F3AE1D079B7D7C90F1F73E9C97 |
SHA1: | 6F51609F2F11FDE6C663AFFD85924DC01D4CC85C |
SHA-256: | EE3F6AEC6430D78E4189049F3C4523D5448EF71759860BAA62A8202ED89F679C |
SHA-512: | 9684B3FF73075B1AB1893CDA345E6C9B126C1ED7C352EC36849E13179DE084255E9307F7B007E47DBF216A70BF663A41BA4E866A9F2416930792EF1B75BE0ADC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38950 |
Entropy (8bit): | 4.718834055394851 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0F042782BB77E05BAC5C67683712C17F |
SHA1: | 9B0DE34D75DC5448AC773D3DFFFE40DF496F72D7 |
SHA-256: | 33C1EBC20F0BAAEE7475FD82A3F1CE7307EBFCF166010A9C4C9140A48D427C88 |
SHA-512: | D2518269F917086C2EC2388EC6EABF53987B6472865ABB516E7F00E8F87D2E2FDA222D5822942C70304410992836A69961052751042FF56F0D6AA35C5BF44C2E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 28 |
Entropy (8bit): | 4.039148671903071 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0EAD5290EE11F36AF6A907C4EC3CBCBD |
SHA1: | B69C0BE568E823942C78FAA0BFCCAE6E4AFF8EA2 |
SHA-256: | 2584F4618A9A3901536BF4CDCB3B16C28E18D959AB406867605150F511880DD1 |
SHA-512: | 9452486ADD12BE32791DD9C3DDF4DF48E4737A0B6CC1BC40918789F00CFBD4638AB07D1E8E30949133C722D1F24059671B16C186E48F77DCB8B3FC3AED387B08 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwk82t7xfyZZSxIFDb6WR8YSBQ2z2vek?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112779 |
Entropy (8bit): | 7.98536103191422 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8775D874266F0F1741B6DDC016A7B554 |
SHA1: | A78ADCB5385A6D0CF04A74EA63037B81993AB68E |
SHA-256: | 97DF91F31B44F30593E5D5249F2A429B20745EFDC95CF1B67D48145E833B41E7 |
SHA-512: | 02FC8453F1E9ADA8BE76898A4982A42727021D434248869B5594700C4692B3ECBF953912E6582661A2381EFD43DAE24AFE40F2381166B2BFA6B627CA96C639E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12596 |
Entropy (8bit): | 4.757176782653038 |
Encrypted: | false |
SSDEEP: | |
MD5: | CDC1DD374F940116BA63A86691394DBC |
SHA1: | 69D17B6099FC7C4362F793E3754D248852793FB0 |
SHA-256: | A901D54EDD59210C4FDAF72EA6FADF828C1FC0385A671487E7A7A98CE6BF10F1 |
SHA-512: | 93EBC808EBC1E4CF98A79B726BA8AF4B73210796BDE911FE93217A2BE463EA96F056BDDA9A0979C71A41F79C867B101CAA51B3E231108E4EF5E51412CA4F8F1F |
Malicious: | false |
Reputation: | unknown |
URL: | https://on24static.akamaized.net/view/eventregistration/24.4.1/dictionary/dictionary.en.js?b=0007823747865 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5211175 |
Entropy (8bit): | 5.506986422528907 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6D3B47EE2826BCA50572424CF77343E1 |
SHA1: | 9F4930F72E80A98196743997333D9E669620C773 |
SHA-256: | 48E5B8657138ECBB3D10EDFBC68E1636131B2160CC29E2554007078272D49155 |
SHA-512: | 2A1E3B1EAD9D98995C801A8437FEB69776FA03A4DC3F654AEBF2CFCD47CD5169E80D0791DD5CBE553DFE203A364565FAFDD15E4B43F7E52BCF7995232CEB2583 |
Malicious: | false |
Reputation: | unknown |
URL: | https://on24static.akamaized.net/view/eventregistration/24.4.1/dist/reg30BundleJS-0007823747865.gz.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7339 |
Entropy (8bit): | 4.760431624744836 |
Encrypted: | false |
SSDEEP: | |
MD5: | 466D3024C46ECCFE5B1F471F534B529D |
SHA1: | EE2E2B5BBCF3C848EE8A01584EB04D80357BBB76 |
SHA-256: | 103A279906DA60547BC801C8D132F94BC7915F615EBA2459007C1E70E041F234 |
SHA-512: | 028C01B29AFE271E49E7CB0B22FAC0F61CC263B23A1605F12A67EAE600CD05BA21E9ED0B2D1BAD93DEDDB82ED3078D391EB47CF1928FD998286FE65BCEBAE86D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 110903 |
Entropy (8bit): | 5.193631501736866 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2304E9C7BCB3CDF51B65AA8A2C9F8919 |
SHA1: | 0CB026033AC28E683724F87925D299E3ECFC60C2 |
SHA-256: | 009EA457FF3FF823D24E01032A8725E573018B35DDFBB7F28C67F6F58998E502 |
SHA-512: | 35884C1F2F5A9EEA674630019F670B43453199961F3DACC25ACD8FEE5B2CF16CF8090154353D48D883080DC1ECD1CF6B0CF59CC008A775EA5999910F4585CDA3 |
Malicious: | false |
Reputation: | unknown |
URL: | https://on24static.akamaized.net/view/eventregistration/24.4.1/dist/reg30BundleCSS-0007823747865.gz.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 87138 |
Entropy (8bit): | 7.975278915547102 |
Encrypted: | false |
SSDEEP: | |
MD5: | AAF3D49A203EB809CF3434A350391934 |
SHA1: | 48F40448174D71F335C34C844069BBE8761B63F1 |
SHA-256: | 6FC7457E2588AD26391B032E2C24F93E167CB0D340FE2DA4BE514516F218EEE7 |
SHA-512: | F4339ACFC69D80D61B8EAB845A8A6FB399BDE91720C8F8A598980271397B21D45ED186FFB85E91D8DA691CD0BEDD0CB08E6E8CCB0BB9959BB7BEDCBB9B851766 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1150 |
Entropy (8bit): | 5.212499153364691 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4EAAF322533442A7BEC61B0D8619999F |
SHA1: | 1BA08B6357930A6C98FE358029D51D7380F5C246 |
SHA-256: | 9480A6181B9AA45EC64B615336B9EF5A970EE640E29D8A6C361B59F474E4E31C |
SHA-512: | 3CD01BF1625A8E46A1E02679F1B9E878ACC24E9CE715F157519833D6DF1A1D017F8D83ECFEC842F5720FBC3125AD07170CB0733771E19D6D3806B729B442AA13 |
Malicious: | false |
Reputation: | unknown |
URL: | https://event.on24.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16 |
Entropy (8bit): | 3.875 |
Encrypted: | false |
SSDEEP: | |
MD5: | 903747EA4323C522742842A52CE710C9 |
SHA1: | 9F806EA4288867A31A4AD53AC171AA4029DF182B |
SHA-256: | 4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB |
SHA-512: | EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAkOx02xpAbBNxIFDYOoWz0=?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24541 |
Entropy (8bit): | 5.025691456904745 |
Encrypted: | false |
SSDEEP: | |
MD5: | BFBCE9012F05015AD4CD831A394BE342 |
SHA1: | 684973BE74B720CA7884DBC7D9EEF4672344DCD8 |
SHA-256: | 52F1382D7C8B7123934985DB264E4DF9C55F9B359FBCD5EFBB6EB567BB0BE2FD |
SHA-512: | 1EB21BB17D9A47011A8F2A00B73ED0EADD8451B1951C1BA96BA4AE89BAEC5DDAC6ABFBDE8D9CD22DCF40F66D1809FB576760EB81F24BB0DB6AA65DE90CF49FE1 |
Malicious: | false |
Reputation: | unknown |
URL: | https://event.on24.com/apic/eventRegistration/webapi/regPage/displayElements?eventid=4737373&sessionid=1&key=DE825BDFED59806FCF6781B41684F83E&code=registration&mode=login&random=0.765010095560483 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57031 |
Entropy (8bit): | 5.173583627836858 |
Encrypted: | false |
SSDEEP: | |
MD5: | C17F13673459A5A36CBA916D25871832 |
SHA1: | AA5F71DF6E9771D158DCC2499E193E49D86CA3BD |
SHA-256: | CB9EB01B060B4ACE9CB6ACD6BAEC94B801879F935F31DE21A26B6642EA3FABD6 |
SHA-512: | 3B444ED08D6F4E6D7063999881A6B8CD9F10CB412787A160FB09F4675799209D05A0FB317D4272D2182C0B46A2E7A022166AFAAAEC89A0E0FE3605A48A5CA54D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 172 |
Entropy (8bit): | 5.173169733255691 |
Encrypted: | false |
SSDEEP: | |
MD5: | BB2E31A4BC2985165676B5067EE87BB6 |
SHA1: | 99CFF9168AF319097669B3F3C58AEB16DA687834 |
SHA-256: | 36BCFA5CA247E17D48F98538CD1FA376A511FC6CBB102FBAB8467725D80D47D9 |
SHA-512: | 5F2377B7F0BE4F98FE3544D7898FF4234F02E53489A8F769C75A3453D3FFF3A1942A0F1B70E24EC922108325C530E27AFDD13478B90BC4F8D998DA9E6B766D75 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSVgkB8Mok0WJz5xIFDXrhT-ASBQ2cTkrQEgUNkgVUzhIFDTwri1USBQ2DqFs9EgUNJK5YDRIFDaB52aYSBQ1Vu_VvEgUNY67tIRIFDb6WR8YSBQ2z2vek?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6359 |
Entropy (8bit): | 4.5925789503655885 |
Encrypted: | false |
SSDEEP: | |
MD5: | A2E1E696F9109C439C21C7525B5B86A5 |
SHA1: | 1EB49E7AE5848C9C6D240EB94448824D7B5610B0 |
SHA-256: | 811B943E9281304989EBAA1B1227EA4A6384E933A30035B6B5E208096BE43FE2 |
SHA-512: | 8F4392936FA4C3BF1670D3D503252DCBD16AAAC0A1FA2F22C8B14E2C7C9CC866017B012DB9F72030C399D69BCD0EC0F576C39A800A9316C9D4EAB172B33C0E5D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3058 |
Entropy (8bit): | 4.997070268333825 |
Encrypted: | false |
SSDEEP: | |
MD5: | 19039B5BF07844500970D2E6629598E6 |
SHA1: | 75A11DF260CCD2D97DD0FDD4E0F7A8A2943AA5B9 |
SHA-256: | AA7F210F48ED63F281CAA944F3CE4DFC16367012295593D3334F7209759BEA00 |
SHA-512: | FC318D8ED4C8610CB06958AE7122B28AF8C4EE77D6CC10699678B2207E9AFDAFA63E8A8C5C25C8D00B06B0481609E9ADB504F87E3137FAD79091500EC1C26FEE |
Malicious: | false |
Reputation: | unknown |
URL: | https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 77160 |
Entropy (8bit): | 7.996509451516447 |
Encrypted: | true |
SSDEEP: | |
MD5: | AF7AE505A9EED503F8B8E6982036873E |
SHA1: | D6F48CBA7D076FB6F2FD6BA993A75B9DC1ECBF0C |
SHA-256: | 2ADEFCBC041E7D18FCF2D417879DC5A09997AA64D675B7A3C4B6CE33DA13F3FE |
SHA-512: | 838FEFDBC14901F41EDF995A78FDAC55764CD4912CCB734B8BEA4909194582904D8F2AFDF2B6C428667912CE4D65681A1044D045D1BC6DE2B14113F0315FC892 |
Malicious: | false |
Reputation: | unknown |
URL: | https://on24static.akamaized.net/view/eventregistration/fonts/font-awesome_4.7/fonts/fontawesome-webfont.woff2?v=4.7.0 |
Preview: |